Feature #15299

Feature #5688: Tails Server: Self-hosted services behind Tails-powered onion services

Restrict access to onionkit via D-Bus

Added by segfault over 1 year ago. Updated 2 months ago.

Status: Confirmed
Priority: Normal
Assignee:
Category: -
Target version: -
Start date: 02/10/2018
Due date:
% Done: 0%
Feature Branch:
Type of work: Code
Blueprint:
Starter:
Affected tool: Server

Description

The new backend of Tails Server, onionkit, is accessed via D-Bus. We don't want unauthorized programs to be able to access onionkit, because it allows performing privileged actions (e.g. starting and stopping services) and gives access to sensitive information (e.g. onion addresses and server passwords).

The polkit currently shipped in Debian Stretch and Buster only allows creating rules based on Unix usernames and groups, because it still uses the old-style .pkla rules. So polkit can be used to restrict access to amnesia, but we also don't want all programs running as amnesia to be able to access onionkit.

The new JavaScript-based .rules would allow more fine-grained access control, for example by using the program name (action.lookup("program")).
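
A sketch of the kind of JavaScript .rules file the description refers to, added here as an illustration and not part of the ticket or of onionkit's code. The action id prefix and the client path are placeholders, and the rule assumes onionkit supplies a "program" detail with its authorization check (polkit itself only sets that variable for pkexec).

```javascript
// Sketch of a polkit rule file, e.g. /etc/polkit-1/rules.d/50-onionkit.rules.
// ASSUMPTIONS (not from the ticket): ACTION_PREFIX, ALLOWED_PROGRAMS, and that
// the "program" detail is provided by onionkit and derived in a trustworthy way.
var ACTION_PREFIX = "org.example.onionkit.";            // placeholder action namespace
var ALLOWED_PROGRAMS = ["/usr/bin/example-server-gui"]; // placeholder client path

// Inside polkitd the global "polkit" exists; elsewhere (e.g. Node.js) use a stub
// so the decision logic can be exercised offline.
var pk = (typeof polkit !== "undefined") ? polkit : {
    Result: { YES: "yes", NO: "no", NOT_HANDLED: null },
    addRule: function (fn) {}
};

function onionkitRule(action, subject) {
    // Leave every action outside the onionkit namespace to other rules.
    if (action.id.indexOf(ACTION_PREFIX) !== 0) {
        return pk.Result.NOT_HANDLED;
    }
    // Coarse check: the only thing old-style .pkla rules can express.
    if (subject.user !== "amnesia") {
        return pk.Result.NO;
    }
    // Fine-grained check: deny unless the calling program is on the allowlist.
    // A missing detail (undefined) is not on the list, so the rule fails closed.
    var program = action.lookup("program");
    if (ALLOWED_PROGRAMS.indexOf(program) === -1) {
        return pk.Result.NO;
    }
    // Require a local, active session as well.
    return (subject.local && subject.active) ? pk.Result.YES : pk.Result.NO;
}

pk.addRule(onionkitRule);
```

Returning NO rather than NOT_HANDLED for onionkit actions keeps a later, more permissive rule from granting access the allowlist denied.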

History

#1 Updated by intrigeri over 1 year ago

Note: fine-grained D-Bus mediation via AppArmor has a good chance of landing in Linux mainline this year. I can keep you updated if you want.

#2 Updated by segfault about 1 year ago

  • Target version deleted (Tails_3.9)

#3 Updated by segfault 2 months ago

  • Affected tool set to Server
