Feature #5340

Analyze "vpwns" FOCI12 paper

Added by Tails 2013-07-18 07:39:20 . Updated 2019-03-08 16:09:02 .

Target version:
Start date:
Due date:
% Done:


Feature Branch:
Type of work:

Affected tool:
Deliverable for:


We should analyze https://www.usenix.org/conference/foci12/vpwns-virtual-pwned-networks and decide what we should do.

Being discussed on tails-dev, starting with https://mailman.boum.org/pipermail/tails-dev/2012-August/001487.html



Related issues

Related to Tails - Feature #5293: Block dangerous LAN traffic Confirmed
Related to Tails - Feature #7976: Disable LAN access in Tor Browser Resolved 2014-11-05
Blocks Tails - Feature #15167: Decide what to do with LAN traffic Confirmed 2018-01-15


#1 Updated by BitingBird 2014-04-06 02:21:25

  • Description updated
  • Target version set to Hole in the Roof
  • Starter set to No

Setting priority according to https://mailman.boum.org/pipermail/tails-dev/2014-March/005265.html

#2 Updated by BitingBird 2014-06-20 13:52:08

  • Subject changed from analyze Jake FOCI12 paper to Analyze Jake FOCI12 paper

#3 Updated by Dr_Whax 2014-07-10 15:49:19

Added more information to Feature #5293

#4 Updated by BitingBird 2014-07-10 15:56:41

  • Assignee set to Dr_Whax

DrWhax, do you think you finished analyzing the paper, or it should be read again?

#5 Updated by intrigeri 2014-07-21 16:18:16

I’ve sent my initial (rough, old, incomplete, possibly flawed) notes and security discussion to DrWhax. Hoping it helps.

#6 Updated by ioerror 2014-07-24 10:28:57

I’ve created a patch that largely resolves this issue. The patch does not fix it for users which are allowed to directly connect to the internet.

#7 Updated by ioerror 2014-07-25 12:25:08

I realized that while the firewall rules must be updated, the browser also needs an update - I had forgotten that the LAN Foxyproxy rule was in place by default. I’ve added a second patch - please merge both of these patches to fix the leaks in the browser and the firewall.

#8 Updated by Dr_Whax 2014-07-27 17:34:28

  • Target version changed from Hole in the Roof to Tails_1.2
  • QA Check set to Ready for QA

#9 Updated by anonym 2014-10-01 05:02:27

  • related to Feature #7976: Disable LAN access in Tor Browser added

#10 Updated by intrigeri 2014-10-08 08:18:11

  • QA Check deleted (Ready for QA)

(Removing “Ready for QA”, as this ticket is about researching how much of the problem applies to Tails, before we can discuss what we want to do, and then we’ll have another ticket about implementing the chosen solution, which may be Jake’s proposed one, or something else.)

#11 Updated by intrigeri 2014-10-08 08:18:52

DrWhax, any status update? What milestone can we postpone this to?

#12 Updated by anonym 2014-10-16 08:11:12

  • Target version changed from Tails_1.2 to Tails_1.2.1

#13 Updated by ioerror 2014-10-24 13:23:14

Any update on this?

The patch that I provided on the mailing list should fix the leak for the general case.

#14 Updated by BitingBird 2014-12-01 17:30:25

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

#15 Updated by BitingBird 2014-12-03 19:48:45

  • Target version changed from Tails_1.2.1 to Tails_1.2.2

#16 Updated by anonym 2014-12-12 16:41:51

  • Target version changed from Tails_1.2.2 to Tails_1.2.3

#17 Updated by intrigeri 2015-01-13 12:54:30

intrigeri wrote:
> DrWhax, any status update? What milestone can we postpone this to?

Three months later, ping?

#18 Updated by intrigeri 2015-01-13 12:58:15

  • Target version changed from Tails_1.2.3 to Tails_1.3

#19 Updated by Dr_Whax 2015-02-24 23:19:23

  • Target version changed from Tails_1.3 to Tails_1.4

#20 Updated by Dr_Whax 2015-02-24 23:20:01

I will have to sum up discussions that have happened and put them on a blueprint.

#21 Updated by intrigeri 2015-05-09 02:34:51

  • Target version changed from Tails_1.4 to Hole in the Roof

We’ve been postponing this analysis for way too long. We decided it was a Hole in the Roof a year ago, then someone committed to work on it and 10 months later we’re basically at the same point, as far as I can see => setting back to Hole in the Roof (and will ask someone to unassign it, since I don’t manage to do it via Redmine email interface).

#22 Updated by BitingBird 2015-05-09 02:35:40

  • Assignee deleted (Dr_Whax)

#23 Updated by sajolida 2015-06-23 07:39:07

  • Description updated

#24 Updated by Anonymous 2018-01-15 13:20:36

  • Subject changed from Analyze Jake FOCI12 paper to Analyze "vpwns" FOCI12 paper

#25 Updated by Anonymous 2018-01-15 13:27:41

#26 Updated by Anonymous 2019-03-08 16:09:02

  • Status changed from In Progress to Confirmed