Add test: the amnesia user can only access the expected services
We should add the test proposed by @anonym on #20185 (comment 226119):
I wonder, would it be worth adding a scenario
the amnesia user can only access the expected services
, which usesss
or whatever to list all ports listening on loopback and then verifies that connecting to each of them (withnc
or whatever) fails and the firewall logs the correspondingDropped outbound packet
unless we explicitly allow it? Then we would have to maintain an allowlist again, but it shouldn't be any harder thanSERVICES_EXPECTED_ON_ALL_IFACES
. And since the most reasonable thing we can do is running it in Tails' "default state", it would only help with the default services running and not those started only when the user starts some particular application, so if we for instance wanted to block the ports to Audacity it wouldn't help in that case. But I think it would be a more effective reminder than the other scenario that when we add a new default service we must consider its access for theamnesia
user, which has some value.
According to my initial analysis (!1400 (comment 226275)):
It seems most of the code needed to add this test already exists in
Then /^no unexpected services are listening for network connections$/
,When /^I open an untorified (TCP|UDP|ICMP) connection to (\S*)(?: on port (\d+))?$/ do |proto, host, port|
, and friends. I expect most of the work will be to refactor those so that the relevant code lives in methods that we can reuse, rather than in step definitions.