
Periodically strace programs run in privileged amnesia context

When a program runs as amnesia but has access to additional resources, loading files from $HOME must be done very carefully, if at all. Examples: #20702 (closed) #20733 (closed) #20745 (closed)

Tasks:

  • make a list of programs that you consider sensitive. Ideas: they must run in sensitive contexts; there are chances for them to load libraries or other data files in $HOME.

    • onioncircuits
    • tails-backup-rsync
    • /usr/local/lib/tails-run-tor-browser-in-flatpak
    • /usr/local/bin/tca
    • /usr/local/bin/tails-persistent-storage
    • /usr/local/sbin/unsafe-browser
    • /usr/local/bin/whisperback
    • /usr/local/lib/persistent-storage/on-activated-hooks/Dotfiles/add-gnome-bookmark
    • /usr/local/lib/persistent-storage/on-activated-hooks/PersistentDirectory/add-gnome-bookmarks
    • /usr/local/lib/persistent-storage/on-deactivated-hooks/Dotfiles/delete-gnome-bookmark
    • /usr/local/lib/persistent-storage/on-deactivated-hooks/PersistentDirectory/delete-gnome-bookmarks
  • as root, run strace --trace=setuid,file -ff --output=trace /usr/local/lib/run-with-user-env /usr/local/bin/onioncircuits (obviously changing it for every program). This will create one file per spawned process. Inspect them!

    • Keep in mind that the programs involved in run-with-user-env will be traced as well.
    • grep -l /home/amnesia/ trace.*
    • grep setuid trace.* to check where the setuid(1000) has taken place, so you can discard everything after that
    • This script provides a useful function to inspect which PIDs are children of others: inspectPIDs.sh
  • Once we're done for this iteration, move this issue back to To Do, remove the assignee, and set the milestone to the next X.0 (we go through this process every couple years, when we upgrade to the next version of Debian, so this issue is not meant to be closed).

Expected cost/benefit: Low Hanging Fruit

Edited by boyska
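
The grep steps in the task list can be combined into one pass that prints only the /home/amnesia/ accesses made before a process's successful setuid(1000). This is an added example, not code from the issue or from the Tails repository; the function names, the example-tool path and the sample trace lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list $HOME accesses made while a traced process was still
# privileged, i.e. before its successful setuid(1000).

# privileged_home_hits PREFIX [HOME_DIR] [UID]
# Reads the PREFIX.* files written by "strace -ff --output=PREFIX".
privileged_home_hits() {
    prefix=$1 home=${2:-/home/amnesia/} uid=${3:-1000}
    for f in "$prefix".*; do
        [ -f "$f" ] || continue
        awk -v home="$home" -v uid="$uid" -v file="$f" '
            # Successful setuid(UID): everything after it runs unprivileged.
            $0 ~ ("^setuid\\(" uid "\\)[ \t]*= 0") { exit }
            # Failed lookups (ENOENT) are kept: the path is still probed with
            # privileges, and amnesia could create a file there.
            index($0, home) { printf "%s:%d: %s\n", file, NR, $0 }
        ' "$f"
    done
}

# Constructed sample traces (not real Tails output), in the per-process
# layout that "strace -ff" produces.
write_sample_traces() {
    dir=$1
    cat > "$dir/trace.101" <<'EOF'
execve("/usr/local/bin/example-tool", ["example-tool"], 0x7ffc00000000 /* 12 vars */) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/home/amnesia/.config/example/plugin.so", O_RDONLY) = -1 ENOENT (No such file or directory)
setuid(1000)                            = 0
openat(AT_FDCWD, "/home/amnesia/.config/example/settings", O_RDONLY) = 3
EOF
    cat > "$dir/trace.102" <<'EOF'
setuid(1000)                            = 0
stat("/home/amnesia/.cache", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
EOF
}

demo_dir=$(mktemp -d)
write_sample_traces "$demo_dir"
privileged_home_hits "$demo_dir/trace"
rm -rf "$demo_dir"
```

A trace file that contains no setuid line is reported in full, so a child forked after its parent already dropped privileges will show up here and has to be excluded by checking PID ancestry.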