Project

General

Profile

Bug #14508

Get critical parts of Tails audited

Added by jvoisin about 1 year ago. Updated 11 days ago.

Status:
Confirmed
Priority:
Low
Assignee:
Category:
-
Target version:
-
Start date:
08/30/2017
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Security Audit
Blueprint:
Starter:
Affected tool:

Description

It would be nice to have to following parts or Tails audited:

  • Audit whatever upgrade mechanism we replace the current Tails Upgrader with in the "Rethink upgrade/installation" effort (possible in ~2 years probably).
    - Audit the current implementation of Tails Upgrader. (Low prio since it will be obsoleted by the above point. ~1 kLoC of perl (but big parts are irrelevant since it is about generating IUKs.)
  • Audit Tails Security Check (config/chroot_local-includes/usr/local/bin/tails-security-check, ~200 LoC.)
  • Torification escapes for the Live user and other critical users
  • Persistence
    - Arbitrary persistence by the Live user
    - Permissions of the device and data of the persistent device (Audit should be less than a day)
  • Audit anonym's Thunderbird auto-config patches (Javascript, 9 files changed, 254 insertions(+), 99 deletions(-).)

Related issues

Related to Tails - Feature #7465: Test if the persistent filesystem's root directory needs to be world-readable Confirmed 06/25/2014
Related to Tails - Bug #11051: Audit applications using WebKit ports in Tails Confirmed 02/03/2016

History

#1 Updated by jvoisin about 1 year ago

I'm forwarding this to an interested company that might want to do it for free, as form of a donation.

#2 Updated by mercedes508 about 1 year ago

  • Status changed from New to Confirmed

#3 Updated by BitingBird about 1 year ago

  • Target version set to 2018

#4 Updated by intrigeri about 1 year ago

- Permissions of the device and data of the persistent device (Audit should be less than a day)

#7465 seems relevant here.

#5 Updated by ikki 11 months ago

jvoisin wrote:

I'm forwarding this to an interested company that might want to do it for free, as form of a donation.

If that didn't happen, we (@Doyensec) would be also happy to provide testing services at a discounted rate for OSS projects, no-profit, etc. - in case

#6 Updated by u 3 months ago

  • Related to Feature #7465: Test if the persistent filesystem's root directory needs to be world-readable added

#7 Updated by u 3 months ago

ikki wrote:

jvoisin wrote:

I'm forwarding this to an interested company that might want to do it for free, as form of a donation.

If that didn't happen, we (@Doyensec) would be also happy to provide testing services at a discounted rate for OSS projects, no-profit, etc. - in case

Hi! Thanks for the proposal. We will think about it.

#8 Updated by u 3 months ago

We might also want to ask via Twitter or a blog post.

#9 Updated by u 3 months ago

  • Related to Bug #11051: Audit applications using WebKit ports in Tails added

#10 Updated by jvoisin 3 months ago

I'm more-or-less confident that the aforementioned interested company that I mentioned won't be able to do it.

#11 Updated by intrigeri 3 months ago

I'm more-or-less confident that the aforementioned interested company that I mentioned won't be able to do it.

IIRC the main reason why we dared adding this to our 2018 roadmap was that specific opportunity.
Do you have another similar opportunity in mind? Or reasonable chances that one appears, say, in 2019?
If yes, I say let's move this to our roadmap for 2019.
Otherwise, I think it's unrealistic to keep this on our roadmap.

It would be nice to have this info by August 26 so we have it in time for our roadmapping session :)

#12 Updated by nodens 2 months ago

  • Target version deleted (2018)

removing target version after Summit Roadmap session

#13 Updated by jvoisin 2 months ago

Unfortunately, now that I'm changing my job, there is no one left at work to push the project, so odds are that the idea of an audit will quickly be "re-prioritized" and forgotten.

#14 Updated by intrigeri 11 days ago

  • Assignee changed from jvoisin to intrigeri

I'll try (no promise, if someone feels more confident they'll do it, please take over) to coordinate something in the second half of 2019, after the Tails 4.0 release, between:

  • the OTF Red Team
  • someone who could be the primary point of contact for the auditors: jvoisin?
  • someone on the Foundations Team who could 1. talk with the auditors when they need clarification or details that jvoisin lacks; 2. deal with whatever needs to be fixed urgently; 3. be fine with low-latency communication needs

Note to myself: the context & details are in the "[OTF-Talk] The Red Team and Engineering Labs have been updated" thread in my mailbox.

Also available in: Atom PDF