Investigate security issues that may be caused by passing SSL_NO_VERIFY unchanged to tails-upgrade-frontend
SSL_NO_VERIFY is passed unchanged via sudo from the amnesia user to the
tails-upgrade-frontend program. Presumably, an adversary who has
taken control of the amnesia user, and can actively MitM the
connection to https://tails.boum.org/, can e.g. serve an old
upgrade-description file that hides the availability of an upgrade
(indefinite freeze attack), or maybe even incites the user to
downgrade to an older version of Tails (rollback attack). Note that the
upgrade-description file being served still needs to be signed by the
Tails signing key.

We should investigate the exact consequences of all this.