Project

General

Profile

Bug #11137

Try to detect/warn in greeter if user has plugged tails device into untrusted system

Added by hybridwipe almost 4 years ago. Updated over 2 years ago.

Status:
In Progress
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
02/18/2016
Due date:
% Done:

10%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:
Greeter

Description

See https://mailman.boum.org/pipermail/tails-dev/2016-February/010302.html, and the wider thread for background info.

In summary, some users are plugging in their Tails USB device into non-trustworthy systems, (e.g., Windows / OSX), and potentially infecting themselves. This is often noticeable because of stray files these OSes leave behind, e.g., .DS_Store, Thumbs.db, __MACOSX, etc.

We should detect these files and if any are found on the device, warn the user that their device is potentially compromised. Until #7496 is finished, we don't have any way to verify the Tails installation. Advising the user to make a clean install is likely the best course of action at this point.

A further improvement would be to detect hidden partitions on the device, and potentially change the warning as appropriate.

detect_proprietary_garbage.sh View (3.1 KB) hybridwipe, 03/02/2016 02:36 AM


Related issues

Related to Tails - Bug #11102: Document how much one effectively trusts non-Tails OS into which one plugs a Tails USB stick Confirmed 02/10/2016

History

#1 Updated by hybridwipe almost 4 years ago

  • Related to Bug #11102: Document how much one effectively trusts non-Tails OS into which one plugs a Tails USB stick added

#2 Updated by intrigeri almost 4 years ago

  • Status changed from New to Confirmed

#3 Updated by hybridwipe almost 4 years ago

Here's a rough draft of what I'm thinking for detecting stray files. It doesn't yet do anything in the greeter, nor is it integrated into the build/boot process :), and it doesn't detect hidden partitions yet either (I need to research how to script that).

#4 Updated by BitingBird over 3 years ago

  • Assignee changed from hybridwipe to intrigeri
  • % Done changed from 0 to 10
  • QA Check changed from Dev Needed to Ready for QA

A patch was proovided, it should be reviewed :)

#5 Updated by intrigeri over 3 years ago

  • Assignee changed from intrigeri to hybridwipe
  • QA Check changed from Ready for QA to Dev Needed

A patch was proovided, it should be reviewed :)

Not really: the patch is incomplete, and hybridwipe didn't ask for other people to look at it yet.

#6 Updated by alant over 3 years ago

hybridwipe, are you still working on that? If you plan to work on greeter integration, please plug into the new greeter, in feature/revamp_phase1 in the greeter repository.

#7 Updated by u over 2 years ago

ping @hybridwipe, please see previous comment by alan. If you don't plan to work on this anymore, please unassign yourself from this ticket. Thanks!

Also available in: Atom PDF