Get critical parts of Tails audited
Originally created by @jvoisin on #14508 (Redmine)
It would be nice to have to following parts or Tails audited:
- Audit whatever upgrade mechanism we replace the current Tails
Upgrader with in the “Rethink upgrade/installation” effort (possible
in ca. 2 years probably).
- Audit the current implementation of Tails Upgrader. (Low prio since it will be obsoleted by the above point. ca. 1 kLoC of perl (but big parts are irrelevant since it is about generating IUKs.)
- Audit Tails Security Check (config/chroot_local-includes/usr/local/bin/tails-security-check, ~200 LoC.)
- Torification escapes for the Live user and other critical users
- Persistence
- Arbitrary persistence by the Live user
- Permissions of the device and data of the persistent device (Audit should be less than a day)
- Audit anonym’s Thunderbird auto-config patches (Javascript, 9 files changed, 254 insertions(+), 99 deletions(-).)
Related issues
- Related to #7465 (closed)
- Related to #11051 (closed)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information