Bug #14508

Get critical parts of Tails audited

Added by jvoisin 2017-08-30 09:36:43 . Updated 2020-03-09 18:33:42 .

Status:
Confirmed
Priority:
Low
Assignee:
Category:
Target version:
Start date:
2017-08-30
Due date:
% Done:

0%

Feature Branch:
Type of work:
Security Audit
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

It would be nice to have to following parts or Tails audited:

  • Audit whatever upgrade mechanism we replace the current Tails Upgrader with in the “Rethink upgrade/installation” effort (possible in ~2 years probably).
    - Audit the current implementation of Tails Upgrader. (Low prio since it will be obsoleted by the above point. ~1 kLoC of perl (but big parts are irrelevant since it is about generating IUKs.)
  • Audit Tails Security Check (config/chroot_local-includes/usr/local/bin/tails-security-check, ~200 LoC.)
  • Torification escapes for the Live user and other critical users
  • Persistence
    - Arbitrary persistence by the Live user
    - Permissions of the device and data of the persistent device (Audit should be less than a day)
  • Audit anonym’s Thunderbird auto-config patches (Javascript, 9 files changed, 254 insertions(+), 99 deletions(-).)

Subtasks


Related issues

Related to Tails - Feature #7465: Test if the persistent filesystem's root directory needs to be world-readable Confirmed 2014-06-25
Related to Tails - Bug #11051: Audit applications using WebKit ports in Tails Resolved 2019-01-06

History

#1 Updated by jvoisin 2017-08-30 09:38:57

I’m forwarding this to an interested company that might want to do it for free, as form of a donation.

#2 Updated by mercedes508 2017-08-30 10:03:15

  • Status changed from New to Confirmed

#3 Updated by BitingBird 2017-08-30 10:33:59

  • Target version set to 2018

#4 Updated by intrigeri 2017-09-01 10:49:05

> - Permissions of the device and data of the persistent device (Audit should be less than a day)

Feature #7465 seems relevant here.

#5 Updated by ikki 2017-12-04 18:48:44

jvoisin wrote:
> I’m forwarding this to an interested company that might want to do it for free, as form of a donation.

If that didn’t happen, we (Doyensec) would be also happy to provide testing services at a discounted rate for OSS projects, no-profit, etc. - in case infodoyensec.com

#6 Updated by Anonymous 2018-08-17 06:49:27

  • related to Feature #7465: Test if the persistent filesystem's root directory needs to be world-readable added

#7 Updated by Anonymous 2018-08-17 06:50:09

ikki wrote:
> jvoisin wrote:
> > I’m forwarding this to an interested company that might want to do it for free, as form of a donation.
>
> If that didn’t happen, we (Doyensec) would be also happy to provide testing services at a discounted rate for OSS projects, no-profit, etc. - in case infodoyensec.com

Hi! Thanks for the proposal. We will think about it.

#8 Updated by Anonymous 2018-08-17 06:50:34

We might also want to ask via Twitter or a blog post.

#9 Updated by Anonymous 2018-08-17 16:51:46

  • related to Bug #11051: Audit applications using WebKit ports in Tails added

#10 Updated by jvoisin 2018-08-19 20:46:38

I’m more-or-less confident that the aforementioned interested company that I mentioned won’t be able to do it.

#11 Updated by intrigeri 2018-08-20 07:39:23

> I’m more-or-less confident that the aforementioned interested company that I mentioned won’t be able to do it.

IIRC the main reason why we dared adding this to our 2018 roadmap was that specific opportunity.
Do you have another similar opportunity in mind? Or reasonable chances that one appears, say, in 2019?
If yes, I say let’s move this to our roadmap for 2019.
Otherwise, I think it’s unrealistic to keep this on our roadmap.

It would be nice to have this info by August 26 so we have it in time for our roadmapping session :)

#12 Updated by nodens 2018-08-30 13:19:05

  • Target version deleted (2018)

removing target version after Summit Roadmap session

#13 Updated by jvoisin 2018-09-03 16:47:51

Unfortunately, now that I’m changing my job, there is no one left at work to push the project, so odds are that the idea of an audit will quickly be “re-prioritized” and forgotten.

#14 Updated by intrigeri 2018-11-02 14:39:01

  • Assignee changed from jvoisin to intrigeri

I’ll try (no promise, if someone feels more confident they’ll do it, please take over) to coordinate something in the second half of 2019, after the Tails 4.0 release, between:

  • the OTF Red Team
  • someone who could be the primary point of contact for the auditors: jvoisin?
  • someone on the Foundations Team who could 1. talk with the auditors when they need clarification or details that jvoisin lacks; 2. deal with whatever needs to be fixed urgently; 3. be fine with low-latency communication needs

Note to myself: the context & details are in the “[OTF-Talk] The Red Team and Engineering Labs have been updated” thread in my mailbox.

#15 Updated by intrigeri 2020-03-09 18:33:42

  • Assignee deleted (intrigeri)

I don’t see the FT doing its part of this job in the next 6-12 months.