Project

General

Profile

Feature #7465

Test if the persistent filesystem's root directory needs to be world-readable

Added by intrigeri almost 5 years ago. Updated over 1 year ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Persistence
Target version:
-
Start date:
06/25/2014
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:

Description

Things like #7443 would not be an issue if /live/persistence/TailsData_unlocked/ had e.g. permissions 0770. What prevents us from doing this? Possibly, we might want to add an ACL to grant the amnesia user read access to this directory, but it's probably not really needed, as the persistent directories are usually bind-mounted to places that this user can read.


Related issues

Related to Tails - Bug #7443: Persistent files have unsafe permissions Resolved 06/25/2014
Related to Tails - Bug #14508: Get critical parts of Tails audited Confirmed 08/30/2017

History

#1 Updated by intrigeri almost 5 years ago

  • Related to Bug #7443: Persistent files have unsafe permissions added

#2 Updated by intrigeri almost 2 years ago

  • Subject changed from Investigate if the persistent filesystem's root directory needs to be world-readable to Test if the persistent filesystem's root directory needs to be world-readable
  • Type of work changed from Research to Code

Next step: create a branch that implements what's described above, and see how our test suite likes it.

#3 Updated by intrigeri over 1 year ago

  • in tails-persistence-setup's bin/tails-fix-persistent-volume-permissions: chmod 0770 instead of 0775
  • migrate existing persistent filesystems in live-persist: before calling mountpoint_has_correct_access_rights, if the mountpoint has the old permissions (775), chmod it 770

#4 Updated by u 9 months ago

  • Related to Bug #14508: Get critical parts of Tails audited added

Also available in: Atom PDF