Feature #15299
Restrict access to onionkit via D-Bus
Description
The new backend of Tails Server, onionkit, is accessed via D-Bus. We don’t want unauthorized programs to be able to access onionkit, because it allows performing privileged actions (e.g. starting and stopping services) and gives access to sensitive information (e.g. onion addresses and server passwords).
The polkit currently shipped in Debian Stretch and Buster only allows creating rules based on unix usernames and groups, because it still uses the old-style .pkla rules. So polkit can be used to restrict access to amnesia, but we also don’t want all programs running as amnesia to be able to access onionkit.
The new JavaScript based .rules would allow more fine-grained access control, for example by using the program name (action.lookup("program")).
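As an added illustration (not code from the Tails project or this ticket), the following is a polkit JavaScript rule of the kind described above: it limits the onionkit action to the amnesia user and, unlike a .pkla entry, additionally checks the "program" detail. The action id, the client path and the use of a "program" detail for a D-Bus-mediated action are assumptions; a small stand-in for the polkit global is included so the rule can also be evaluated outside polkit.

```javascript
// Added example, not from the Tails issue or the onionkit code base.
// Assumptions: the action id and client path below are placeholders, and the
// service is assumed to pass a "program" detail (as pkexec does) to polkit.
const ONIONKIT_ACTION = "org.boum.tails.onionkit.manage"; // hypothetical action id
const ALLOWED_PROGRAM = "/usr/bin/tails-server";          // hypothetical client

// Outside polkit (e.g. under node) provide a minimal stand-in for the
// `polkit` global that records rules and evaluates them in order.
if (typeof polkit === "undefined") {
  globalThis.polkit = {
    Result: { YES: "yes", NO: "no", NOT_HANDLED: "not_handled" },
    _rules: [],
    addRule(fn) { this._rules.push(fn); },
    // Like polkitd, the first rule that returns a decision wins.
    evaluate(action, subject) {
      for (const rule of this._rules) {
        const r = rule(action, subject);
        if (r !== undefined && r !== this.Result.NOT_HANDLED) return r;
      }
      return this.Result.NOT_HANDLED;
    },
  };
}

// The rule as it would appear in /etc/polkit-1/rules.d/*.rules.
// A .pkla file could only express the user/group check; the .rules form can
// also consult action details such as "program".
polkit.addRule(function (action, subject) {
  if (action.id !== ONIONKIT_ACTION) return polkit.Result.NOT_HANDLED;
  if (subject.user !== "amnesia") return polkit.Result.NO;
  // A missing or different "program" detail is denied, not passed through.
  if (action.lookup("program") !== ALLOWED_PROGRAM) return polkit.Result.NO;
  return polkit.Result.YES;
});

// Helper for evaluating the rule outside polkit with constructed inputs.
function decide(user, program) {
  const details = program === undefined ? {} : { program };
  const action = { id: ONIONKIT_ACTION, lookup: (k) => details[k] };
  return polkit.evaluate(action, { user });
}
```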
Subtasks
History
#1 Updated by intrigeri 2018-02-11 06:51:29
Note: fine-grained D-Bus mediation via AppArmor has good chances to land in Linux mainline this year. I can keep you updated if you want.
#2 Updated by segfault 2018-08-05 19:24:25
- Target version deleted (Tails_3.9)
#3 Updated by segfault 2019-07-19 22:04:38
- Affected tool set to Server