Bug #11137

Try to detect/warn in greeter if user has plugged tails device into untrusted system

Added by hybridwipe 2016-02-18 18:06:22 . Updated 2020-04-15 06:01:56 .

Status:
In Progress
Priority:
Normal
Assignee:
hybridwipe
Category:
Target version:
Start date:
2016-02-18
Due date:
% Done:

10%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
0
Affected tool:
Welcome Screen
Deliverable for:

Description

See https://mailman.boum.org/pipermail/tails-dev/2016-February/010302.html, and the wider thread for background info.

In summary, some users are plugging in their Tails USB device into non-trustworthy systems, (e.g., Windows / OSX), and potentially infecting themselves. This is often noticeable because of stray files these OSes leave behind, e.g., .DS_Store, Thumbs.db, __MACOSX, etc.

We should detect these files and if any are found on the device, warn the user that their device is potentially compromised. Until Feature #7496 is finished, we don’t have any way to verify the Tails installation. Advising the user to make a clean install is likely the best course of action at this point.

A further improvement would be to detect hidden partitions on the device, and potentially change the warning as appropriate.


Files


Subtasks


Related issues

Related to Tails - Bug #11102: Document how much one effectively trusts non-Tails OS into which one plugs a Tails USB stick Confirmed 2016-02-10

History

#1 Updated by hybridwipe 2016-02-18 18:06:36

  • related to Bug #11102: Document how much one effectively trusts non-Tails OS into which one plugs a Tails USB stick added

#2 Updated by intrigeri 2016-02-18 20:39:51

  • Status changed from New to Confirmed

#3 Updated by hybridwipe 2016-03-02 02:38:24

Here’s a rough draft of what I’m thinking for detecting stray files. It doesn’t yet do anything in the greeter, nor is it integrated into the build/boot process :), and it doesn’t detect hidden partitions yet either (I need to research how to script that).

#4 Updated by BitingBird 2016-06-29 06:55:40

  • Assignee changed from hybridwipe to intrigeri
  • % Done changed from 0 to 10
  • QA Check changed from Dev Needed to Ready for QA

A patch was proovided, it should be reviewed :)

#5 Updated by intrigeri 2016-06-30 08:02:48

  • Assignee changed from intrigeri to hybridwipe
  • QA Check changed from Ready for QA to Dev Needed

> A patch was proovided, it should be reviewed :)

Not really: the patch is incomplete, and hybridwipe didn’t ask for other people to look at it yet.

#6 Updated by alant 2016-08-20 02:47:46

hybridwipe, are you still working on that? If you plan to work on greeter integration, please plug into the new greeter, in feature/revamp_phase1 in the greeter repository.

#7 Updated by Anonymous 2017-06-30 10:41:22

ping @hybridwipe, please see previous comment by alan. If you don’t plan to work on this anymore, please unassign yourself from this ticket. Thanks!

#8 Updated by intrigeri 2020-04-15 06:01:56

  • Affected tool changed from Greeter to Welcome Screen