Feature #7465

Test if the persistent filesystem's root directory needs to be world-readable

Added by intrigeri 2014-06-25 12:11:35 . Updated 2018-02-18 07:51:29 .

Status:
Confirmed
Priority:
Normal
Assignee:
intrigeri
Category:
Persistence
Target version:
Start date:
2014-06-25
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
0
Affected tool:
Deliverable for:

Description

Things like Bug #7443 would not be an issue if /live/persistence/TailsData_unlocked/ had e.g. permissions 0770. What prevents us from doing this? Possibly, we might want to add an ACL to grant the amnesia user read access to this directory, but it’s probably not really needed, as the persistent directories are usually bind-mounted to places that this user can read.

Subtasks

Related issues

Related to Tails - Bug #7443: Persistent files have unsafe permissions Resolved 2014-06-25
Related to Tails - Bug #14508: Get critical parts of Tails audited Confirmed 2017-08-30

History

#1 Updated by intrigeri 2014-06-25 12:12:49

  • related to Bug #7443: Persistent files have unsafe permissions added

#2 Updated by intrigeri 2017-06-05 15:53:10

  • Subject changed from Investigate if the persistent filesystem's root directory needs to be world-readable to Test if the persistent filesystem's root directory needs to be world-readable
  • Type of work changed from Research to Code

Next step: create a branch that implements what’s described above, and see how our test suite likes it.

#3 Updated by intrigeri 2018-02-18 07:51:29

  • in tails-persistence-setup’s bin/tails-fix-persistent-volume-permissions: chmod 0770 instead of 0775
  • migrate existing persistent filesystems in live-persist: before calling mountpoint_has_correct_access_rights, if the mountpoint has the old permissions (775), chmod it 770

#4 Updated by Anonymous 2018-08-17 06:49:27

  • related to Bug #14508: Get critical parts of Tails audited added