Audit TPS usage of connect-drop
This is part of tails/tails#19248.
The new Persistent Storage bases its security on a careful usage of DBus. To do that, connect-drop gained the --dbus option, which is then used by connect-drop-tps. This allows tps-frontend to run as amnesia, being connected to the amnesia session DBus, and to the system DBus as tails-persistent-storage.
We want to be sure that even if, somehow, an attacker can exploit a bug in tps-frontend, they cannot use this bug to escalate privileges.
This is definitely not the only (and maybe not the most) sensitive part of TPS, but that's for #19240 (closed).
Edited by intrigeri