Feature #7465
Test if the persistent filesystem's root directory needs to be world-readable
Start date:
2014-06-25
Due date:
% Done:
0%
Description
Things like Bug #7443 would not be an issue if /live/persistence/TailsData_unlocked/
had e.g. permissions 0770. What prevents us from doing this? Possibly, we might want to add an ACL to grant the amnesia user read access to this directory, but it’s probably not really needed, as the persistent directories are usually bind-mounted to places that this user can read.
Subtasks
Related issues
Related to Tails - |
Resolved | 2014-06-25 | |
Related to Tails - Bug #14508: Get critical parts of Tails audited | Confirmed | 2017-08-30 |
History
#1 Updated by intrigeri 2014-06-25 12:12:49
- related to
Bug #7443: Persistent files have unsafe permissions added
#2 Updated by intrigeri 2017-06-05 15:53:10
- Subject changed from Investigate if the persistent filesystem's root directory needs to be world-readable to Test if the persistent filesystem's root directory needs to be world-readable
- Type of work changed from Research to Code
Next step: create a branch that implements what’s described above, and see how our test suite likes it.
#3 Updated by intrigeri 2018-02-18 07:51:29
- in
tails-persistence-setup
’sbin/tails-fix-persistent-volume-permissions
: chmod 0770 instead of 0775 - migrate existing persistent filesystems in
live-persist
: before callingmountpoint_has_correct_access_rights
, if the mountpoint has the old permissions (775), chmod it 770
#4 Updated by Anonymous 2018-08-17 06:49:27
- related to Bug #14508: Get critical parts of Tails audited added