Bug #15018
Decide if we do a Tails 3.3.1 emergency release
100%
Description
- new Tor security fixes to be investigated: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
- Tor Browser based on 52.5.2esr
Subtasks
Related issues
Related to Tails - |
Resolved | 2017-12-06 | |
Related to Tails - |
Rejected | 2018-06-11 | |
Blocks Tails - |
Resolved | 2017-06-29 |
History
#1 Updated by intrigeri 2017-12-06 12:57:35
- blocks
Feature #13244: Core work 2017Q4: Foundations Team added
#2 Updated by intrigeri 2017-12-06 14:49:06
- Status changed from Confirmed to Resolved
- % Done changed from 0 to 100
Wrt. Tor Browser: apparently the only issue fixed that affects Tails is a crash. Our help desk hasn’t seen more crash reports than usual. So if we have to do an emergency release for another reason, let’s pick this update too, but it does not seem to be worth an emergency release in itself.
Wrt. tor: in Tails 3.3 we ship 0.3.1.8-2~d90.stretch+1, the fix is in 0.3.1.9-1~d90.stretch+1 that’s available in the APT repo where we full tor from, so we could easily upgrades. Issues fixed in 0.3.1.9:
- TROVE-2017-009, TROVE-2017-013: only affects people running HS v2, we don’t support that yet
- TROVE-2017-010: only affects directory authorities; AFAIK nobody runs one on Tails
- TROVE-2017-012: only affects relays
- TROVE-2017-011: “If it causes an onion service or busy client to block, this could aid in traffic analysis” which seems bad, but “Tor instances run without a terminal, which is the case for most Tor packages, are not impacted”. The tor systemd unit files don’t override
StandardInput=
which defaults to “null” so we’re good.
=> I think we can skip this update in Tails 3.3, but it would be nice to have these fixes in 3.5 so I’ll file a ticket about it.
I wouldn’t mind if someone double-checked my analysis but I don’t want to overload anonym with yet another ticket.
#3 Updated by intrigeri 2017-12-06 14:50:25
- related to
Bug #15019: Upgrade tor to 0.3.1.9+ added
#4 Updated by cacahuatl 2017-12-16 16:12:32
>only affects people running HS v2, we don’t support that yet
v2 is the current onion services, v3 is next gen. so onionshare, for example, is affected by those.
#5 Updated by intrigeri 2017-12-17 15:44:24
- Status changed from Resolved to In Progress
- % Done changed from 100 to 50
>> only affects people running HS v2, we don’t support that yet
> v2 is the current onion services, v3 is next gen. so onionshare, for example, is affected by those.
Oops, wow, looks like I’ve been sloppy. First I got my HS protocol version numbers wrong and second I totally forgot about OnionShare (I had Tails Server in mind but that’s not released yet). Thanks for being on top of things and noticing issues with my work!
So I’m reopening this ticket and will take another look at it shortly.
#6 Updated by intrigeri 2017-12-23 08:52:03
- % Done changed from 50 to 60
So on our current stable branch we fix three important problems:
- TROVE-2017-009 (“this fix helps prevent a traffic confirmation attack” but the same problem remains exploitable in another way) and TROVE-2017-013 (“We believe this to be quite difficult to trigger remotely because of the specific conditions that tor needs to be in. However, it could be possible but hard to be induced by a malicious Guard node suspecting a connection to be an onion service.”) => would be nice to have these fixes but they don’t seem worth an emergency release.
Bug #14993: kinda important for UX (top “hot topic” at our help desk recently)Bug #14964: I’m told many users are lead to believe that Tails 3.3 simply cannot start on their computer
… and a bunch of less important bugs.
IMO all this together almost warrants an emergency release; Bug #15095 will probably tip the balance in the “OMG we have to release now!” direction.
#7 Updated by intrigeri 2017-12-23 08:52:13
- related to
Bug #15095: Mitigate BPF security issues added
#8 Updated by intrigeri 2017-12-23 08:57:18
- Status changed from In Progress to Resolved
- % Done changed from 60 to 100
intrigeri wrote:
> Bug #15095 will probably tip the balance in the “OMG we have to release now!” direction.
Except it won’t: Tails has had the mitigation in place since 2.10 :)
So my conclusion is: it would be nice to do an emergency release provided enough time/energy, but it’s not a must; given it’ll be hard to get available RM + testers to put a release out at this time of the year, let’s forget it.