Project

General

Profile

Bug #17112

Persistence config files "insecure" backup get emptied in some situations

Added by intrigeri about 1 month ago.

Status:
Confirmed
Priority:
Elevated
Assignee:
-
Category:
Persistence
Target version:
-
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

As we can see on #10976#note-73 and #10976#note-66, if the permissions/ownership of the root directory of the persistent filesystem are wrong, live-additional-software.conf.insecure_disabled ends up being empty, which is unfortunate as it's meant to be a backup that the user can later restore by hand.

I believe that's because every call to disable_and_create_empty_persistence_conf_file in live-persist will rename the current live-additional-software.conf to live-additional-software.conf.insecure_disabled. So if the user immediately fixes the problem, the first time it happens, then we're good. But if they reboot and unlock their persistence again, the (non-empty) backup gets overwritten by live-persist which replaces it with the new, empty config file it created during last boot.

Solution: ensure disable_and_create_empty_persistence_conf_file does not replace a non-empty .insecure_disabled backup file with an empty one.

Priority >> normal because it makes it harder to recover from the already painful #10976.

Note: I don't understand why, in Cody's report, the same problem did not happen for persistence.conf. There might be another problem on top of this one. But this should not block it from fixing the problem I've already understood here :)


Related issues

Related to Tails - Bug #10976: persistence.conf lost, recoverable by reconfiguring In Progress 02/12/2019
Related to Tails - Bug #17116: Improve lost persistence.conf instructions on known issues page Needs Validation
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

History

#1 Updated by intrigeri about 1 month ago

  • Related to Bug #10976: persistence.conf lost, recoverable by reconfiguring added

#2 Updated by intrigeri about 1 month ago

#3 Updated by cbrownstein about 1 month ago

  • Related to Bug #17116: Improve lost persistence.conf instructions on known issues page added

Also available in: Atom PDF