Bug #15829

Harden sudo config to avoid potential future privilege escalation

Added by intrigeri 2018-08-21 14:24:54 . Updated 2018-10-24 16:57:47 .

Status: Resolved
Priority: Normal
Assignee:
Category:
Target version:
Start date: 2018-08-21
Due date:
% Done: 100%
Feature Branch: bugfix/15829-harden-sudo-config+force-all-tests
Type of work: Code
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description


Files


Subtasks


Related issues

Blocks Tails - Feature #15506: Core work 2018Q4: Foundations Team Resolved 2018-04-08

History

#1 Updated by intrigeri 2018-08-21 14:25:01

  • related to #15824 added

#2 Updated by intrigeri 2018-08-21 14:25:29

#3 Updated by intrigeri 2018-08-22 11:53:22

  • Subject changed from Review sudo config for potential privilege escalation to Harden sudo config to avoid potential future privilege escalation
  • Description updated
  • Status changed from Confirmed to In Progress
  • Priority changed from High to Normal
  • Target version changed from Tails_3.9 to Tails_3.10.1
  • % Done changed from 0 to 10
  • Private changed from Yes to No
  • Feature Branch set to bugfix/15829-harden-sudo-config+force-all-tests
  • Type of work changed from Security Audit to Code

#4 Updated by intrigeri 2018-08-22 16:24:24

  • Assignee changed from intrigeri to segfault
  • Estimated time set to 1 h
  • QA Check set to Ready for QA

1h because it would be nice to manually test the affected bits that our automated test suite does not exercise (i.e. I think only the boot profile part).

#5 Updated by intrigeri 2018-08-22 16:25:15

  • % Done changed from 10 to 50

Forgot to say: it passes our full automated test suite.

#6 Updated by intrigeri 2018-10-08 13:59:06

  • blocked by deleted (Feature #15334: Core work 2018Q3: Foundations Team)

#7 Updated by intrigeri 2018-10-08 13:59:15

#8 Updated by intrigeri 2018-10-12 14:04:42

  • Assignee changed from segfault to lamby

(I think segfault has plenty enough on his plate for 3.10 => reassigning.)

@lamby: see comments above wrt. what should be manually tested. Thanks!

#9 Updated by lamby 2018-10-18 21:53:41

For those following along at home:

you can [append] "" to indicate that the command may only be run without command line arguments
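The sudoers rule quoted in note 9, turned into an audit check. This is an added example, not code from the Tails branch: it classifies each command in a sudoers fragment by how much control the caller keeps over the arguments. The user name, helper paths and sample fragment are constructed, and the parser is simplified (aliases are not expanded, escaped commas are not handled).

```python
import re

# Constructed sample sudoers fragment: user and helper paths are hypothetical.
SAMPLE = '''\
# helpers for the live user
liveuser ALL = NOPASSWD: /usr/local/sbin/example-report ""
liveuser ALL = NOPASSWD: /usr/local/sbin/example-shutdown
liveuser ALL = (root) NOPASSWD: /usr/local/sbin/example-sync --dry-run, \\
                                /usr/local/sbin/example-fetch *
Defaults env_reset
'''

PREFIX = re.compile(r'^(?:\([^)]*\)\s*)?(?:[A-Z_]+:\s*)*')  # (runas) and TAG:
SKIP = ('Defaults', 'User_Alias', 'Runas_Alias', 'Host_Alias', 'Cmnd_Alias')

def classify(cmnd):
    """Say which command-line arguments sudo accepts for one Cmnd."""
    path, _, args = cmnd.partition(' ')
    args = args.strip()
    if path == 'ALL' or path.endswith('/'):
        return 'any-command'      # whole directory or everything
    if args == '':
        return 'any-args'         # bare path: caller chooses the arguments
    if args == '""':
        return 'no-args'          # "" : only the argument-less invocation
    if any(ch in args for ch in '*?['):
        return 'wildcard-args'    # pattern match, needs manual review
    return 'fixed-args'           # must match exactly

def audit(text):
    """Return (user, command path, class) for every command in user specs.
    Simplified: aliases are not expanded, escaped commas are not handled."""
    text = re.sub(r'\\\n\s*', ' ', text)          # join continuation lines
    findings = []
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()      # drop comments (and #uid forms)
        if '=' not in line or line.startswith(SKIP):
            continue
        who, spec = line.split('=', 1)
        for cmnd in spec.split(','):
            cmnd = PREFIX.sub('', cmnd.strip())
            findings.append((who.split()[0], cmnd.split(' ')[0], classify(cmnd)))
    return findings

def needs_review(findings):
    """Entries where the caller still controls some or all arguments."""
    return [f for f in findings if f[2] not in ('no-args', 'fixed-args')]

if __name__ == '__main__':
    for user, path, kind in audit(SAMPLE):
        print(f'{kind:14} {user:10} {path}')
```

On the sample, only the `""` and exact-argument entries pass; the bare path and the wildcard entry are returned by `needs_review`.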

#10 Updated by lamby 2018-10-19 21:12:24

  • File 2018-10-19_17-07.png added
  • Assignee changed from lamby to intrigeri
  • QA Check changed from Ready for QA to Pass

Methodology:

I built branch bugfix/15829-harden-sudo-config+force-all-tests at a42340eb8ae681ed279826e3f11191f8c5869a26 to generate tails-amd64-bugfix_15829-harden-sudo-config+force-all-tests-3.10-20181019T1930Z-a42340eb8a.iso which has a SHA-1 of c88ebd186e373d2387f4fc4a0f9304233f836644.

Expected behaviour:

/usr/local/sbin/tails-debugging-info (and friends) should reject any parameters when run under sudo. Running without parameters should work as before/expected.

Saw behaviour:

$ sudo /usr/local/sbin/tails-debugging-info DISALLOW was rejected.

$ sudo /usr/local/sbin/tails-debugging-info was allowed.

See attached screenshot.

Conclusion:

I consider this tested, working and ready to merge.

#11 Updated by intrigeri 2018-10-20 08:56:28

Thank you. I’ll test the “boot profile” part myself (mentioned in Bug #15829#note-4 but clearly lacking pointers for you to understand what I was talking about; FTR this is about the code we have for “SquashFS file order” in https://tails.boum.org/contribute/release_process/) because it’s probably too late to do another round-trip in time for 3.10. If that works, I’ll merge.

#12 Updated by intrigeri 2018-10-20 08:58:18

lamby wrote:
> Expected behaviour:
>
> /usr/local/sbin/tails-debugging-info (and friends) should reject any parameters when run under sudo. Running without parameters should work as before/expected.

FTR the sudo config for tails-debugging-info was hardened 3.5 years ago and is not affected by the proposed branch.

#13 Updated by intrigeri 2018-10-20 09:03:22

  • QA Check changed from Pass to Ready for QA

#14 Updated by intrigeri 2018-10-20 10:16:20

  • Status changed from In Progress to Fix committed
  • Assignee deleted (intrigeri)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

intrigeri wrote:
> Thank you. I’ll test the “boot profile” part myself (mentioned in Bug #15829#note-4 but clearly lacking pointers for you to understand what I was talking about; FTR this is about the code we have for “SquashFS file order” in https://tails.boum.org/contribute/release_process/)

That works: the boot-profile process is correctly killed.

> If that works, I’ll merge.

Done! :)

#15 Updated by lamby 2018-10-21 13:49:19

If it helps, I also tested poweroff but naturally could not get a screenshot of it so thus did not use it as my documented testcase.

#16 Updated by intrigeri 2018-10-22 11:56:31

  • Status changed from Fix committed to In Progress

Applied in changeset commit:d9c6ac1a2b83e62808921bd0f5ea88dd9bd343aa.

#17 Updated by intrigeri 2018-10-24 16:57:47

  • Status changed from In Progress to Resolved