Lock screen bypass via sysrq
It's possible to bypass the lock screen in Tails via SysRq-R then SysRq-K. This will kill all processes in the current VT, including the lock screen. This will also kill the browser so the contents of currently open applications can't necessarily be recovered (except for ones that autosave like the text editor), but all files in the user's home directory and in Persistence can be accessed without authentication. I haven't tested yet, but it might be possible to set an administration password when the splash screen reappears, and use that to get root and view the process memory of Tor to recover recently used connections.
-
set the sysctl kernel.sysrq = 0
. Users are not expected to be using SysRq functionality anyway.
This is possible because of a wider mistake in mistake in Tails' design, which is that the splash screen will allow a user to log in a second time if the session crashes (#20309), and SysRq is just one way to cause the session to crash. To prevent similar problems like this in the future, Tails should only show the splash screen once. If the session crashes for any reason, Tails should treat a crashed session as a fatal error.