Bug #11365

Clarify the security implications of 'failsafe' startup option

Added by elouann 2016-04-25 03:04:24. Updated 2016-12-05 19:27:24.

Status: Resolved
Priority: Low
Assignee:
Category:
Target version:
Start date: 2016-04-25
Due date:
% Done: 100%
Feature Branch: feature/11975-boot-menu-wording
Type of work: Code
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

The documentation reads “The failsafe mode disables some features of the kernel and might work better on some computers. You can try this option if you think you are experiencing errors related to hardware compatibility while starting Tails.”[1]

Many users are able to boot and use Tails with this option; the documentation should clarify which “features of the kernel” are disabled, especially wrt. security features.

[1] https://tails.boum.org/doc/first_steps/startup_options



History

#1 Updated by intrigeri 2016-04-29 02:57:28

  • Assignee set to elouann
  • QA Check set to Info Needed

> […] the documentation should clarify which “features of the kernel” are disabled, especially wrt. security features

Is this ticket about the security impact of “failsafe” only? If yes, please clarify the title accordingly.

And then, my 2 cts: AFAICT, the options added by failsafe should have no security impact. They only affect how hardware is handled (e.g. various hardware features, such as SMP, won’t be supported).

#2 Updated by elouann 2016-04-29 06:59:22

  • Subject changed from Clarify 'failsafe' startup option to Clarify the security implications of 'failsafe' startup option

> Is this ticket about the security impact of “failsafe” only? If yes, please clarify the title accordingly.

Yes -> title changed

#3 Updated by intrigeri 2016-04-29 12:50:02

  • Assignee deleted (elouann)
  • Priority changed from Normal to Low
  • QA Check deleted (Info Needed)

Thanks! (No assignee and no big deal really => low priority.)

#4 Updated by huertanix 2016-06-13 21:01:22

Hi. “Is failsafe safer [meaning safer for privacy] than ‘Live’ mode?” was a common question at the Freedom of the Press Foundation’s March 19th Tails training workshop in NYC. A possible improvement would be to clarify both Live and Live (failsafe) at the boot prompt by renaming it to something like “Normal Mode” and “Diagnostic Mode (failsafe)” to reflect the use cases that each is intended for.

#5 Updated by sajolida 2016-06-16 10:49:24

  • Assignee set to sajolida
  • Parent task set to Feature #10178
  • Type of work changed from End-user documentation to Code

Thanks for moving this forward. It made me realize that this should be a subtask of Feature #10178. In Feature #10178#note-5, I suggested using “debug”, maybe “troubleshooting” would do too. But I agree that “failsafe” is not appropriate. What do you think?

#6 Updated by sajolida 2016-06-17 08:36:21

  • Assignee changed from sajolida to huertanix
  • QA Check set to Info Needed

Reassigning to huertanix to have his opinion.

#7 Updated by cypherpunks 2016-07-01 05:05:44

Considering the failsafe mode sets nomodeset which causes /dev/dri/ to no longer be exposed, sending all graphics through /dev/fb0, rendered by Xorg in usermode instead, it ironically is much safer security-wise than the regular, non-failsafe mode. And nosmp cuts a lot of racy code out of the kernel too. Not that I’m suggesting the name is appropriate, just pointing it out.

#8 Updated by huertanix 2016-08-10 23:45:23

“Debug Mode” and “Troubleshooting Mode” might also work, but with limitations; I was thinking of using “diagnostic” because it might translate easier since “trouble shooting” might be confusing to non-technical users with English as a second language since both terms (trouble, shooting) have multiple meanings and might not make sense unless they have a technical background where they’ve heard the phrase used. “Debug” might have similar issues but I don’t know how many other languages correlate software problems with insects.

#9 Updated by intrigeri 2016-08-11 01:29:36

  • Assignee changed from huertanix to sajolida
  • QA Check deleted (Info Needed)

(Requested info was provided, reassigning to sajolida for further triaging.)

#10 Updated by sajolida 2016-08-11 08:35:02

Thanks for the feedback.

When in doubt about terminology, I often look at what other style guides do. “Debug” is not in the Apple style guide but “troubleshoot” is. The Microsoft style guide has an entry for “debug” that reads: “Debug is a valid technical term in content for software developers. Do not use debug in any context as a synonym for troubleshoot. Use troubleshoot or a more accurate word or phrase instead.” Which makes sense. So I’ll go for “troubleshooting” I think.

#11 Updated by huertanix 2016-08-11 18:56:51

I see; it seems like Microsoft’s explanation mentions it’s oriented towards just software developers though? If “troubleshooting” is standardized enough to be understood by a wider range of people than just software developers, I think it’s ok. We should definitely mention “Troubleshooting Mode” in that case though, so that people understand it’s a mode and not a wizard interface or anything.

#12 Updated by sajolida 2016-08-12 06:25:43

I agree with “Troubleshooting Mode”.

#13 Updated by intrigeri 2016-12-05 19:27:24

  • Status changed from Confirmed to Resolved
  • Assignee deleted (sajolida)
  • % Done changed from 0 to 100
  • Feature Branch set to feature/11975-boot-menu-wording

Done on the topic branch, so let’s close this ticket so that it’s clearer (on the parent ticket) what’s left to do.