Get critical parts of Tails audited
Originally created by @jvoisin on #14508 (Redmine)
It would be nice to have to following parts or Tails audited:
- Audit whatever upgrade mechanism we replace the current Tails
Upgrader with in the “Rethink upgrade/installation” effort (possible
in T:Contributors documentation years probably).
- Audit the current implementation of Tails Upgrader. (Low prio since it will be obsoleted by the above point. To Do kLoC of perl (but big parts are irrelevant since it is about generating IUKs.) - Audit Tails Security Check (config/chroot_local-includes/usr/local/bin/tails-security-check, ~200 LoC.)
- Torification escapes for the Live user and other critical users
- Persistence
- Arbitrary persistence by the Live user
- Permissions of the device and data of the persistent device (Audit should be less than a day) - Audit anonym’s Thunderbird auto-config patches (Javascript, 9 files changed, 254 insertions(+), 99 deletions(-).)
Related issues
- Related to #7465
- Related to #11051 (closed)
To upload designs, you'll need to enable LFS. More information