Skip to content
Snippets Groups Projects
Commit 75c049a4 authored by Tails developers's avatar Tails developers
Browse files

Merge remote-tracking branch 'origin/security/vidalia_in_its_own_user' into devel

parents 9e41f200 d10d2129
No related branches found
No related tags found
No related merge requests found
......@@ -51,6 +51,7 @@ echo "POTFILES_DOT_IN='$(
chmod -R go+rX config/binary_local-includes/
chmod -R go+rX config/chroot_local-includes/etc
chmod 0440 config/chroot_local-includes/etc/sudoers.d/*
chmod go+rX config/chroot_local-includes/home
chmod go+rX config/chroot_local-includes/lib
chmod go+rX config/chroot_local-includes/lib/live
chmod -R go+rx config/chroot_local-includes/lib/live/config
......
#!/bin/sh
set -e
# Create the vidalia user.
#
# We run vidalia under this user,
# which belongs to the debian-tor group.
echo "creating the vidalia user"
adduser --system --quiet --group --no-create-home vidalia
adduser vidalia debian-tor
chown -R vidalia:vidalia /home/vidalia
......@@ -7,6 +7,8 @@ echo "Removing unwanted files"
# Get POTFILES_DOT_IN
. /usr/share/amnesia/build/variables
rm /usr/share/applications/vidalia.desktop
rm /usr/share/icons/gnome/icon-theme.cache
rm -r \
......
LIVE_USER_DEFAULT_GROUPS="audio cdrom dialout floppy video plugdev netdev powerdev fuse debian-tor scanner lp lpadmin vboxsf"
LIVE_USER_DEFAULT_GROUPS="audio cdrom dialout floppy video plugdev netdev powerdev fuse scanner lp lpadmin vboxsf"
#! /bin/sh
ARGS=
if grep -qw bridge /proc/cmdline; then
ARGS='-bridgeconf'
fi
# Get LIVE_USERNAME
. /etc/live/config.d/username.conf
until pgrep -u "${LIVE_USERNAME}" nm-applet >/dev/null ; do
sleep 5
done
lckdo /var/lock/vidalia.amnesia /usr/bin/vidalia $ARGS
......@@ -2,12 +2,29 @@
set -e
# Get LIVE_USERNAME, whose instance we want to restart
ARGS=
if grep -qw bridge /proc/cmdline; then
ARGS='-bridgeconf'
fi
# Get LIVE_USERNAME
. /etc/live/config.d/username.conf
if killall vidalia 2> /dev/null; then
sleep 2 # give lckdo a chance to release the lockfile
fi
until pgrep -u "${LIVE_USERNAME}" nm-applet >/dev/null ; do
sleep 5
done
export DISPLAY=':0.0'
export XAUTHORITY="`echo /var/run/gdm3/auth-for-${LIVE_USERNAME}-*/database`"
exec /bin/su -c /usr/local/bin/vidalia-wrapper "${LIVE_USERNAME}" &
sudo -u ${LIVE_USERNAME} xhost +SI:localuser:vidalia
sudo -u vidalia lckdo /var/lock/vidalia vidalia -DISPLAY=${DISPLAY} ${ARGS} &
until pgrep -u vidalia vidalia >/dev/null ; do
sleep 5
done
sudo -u ${LIVE_USERNAME} xhost -SI:localuser:vidalia
......@@ -22,7 +22,7 @@ Feature: Various checks
Scenario: The live user is setup correctly
Then the live user has been setup by live-boot
And the live user is a member of only its own group and "audio cdrom dialout floppy video plugdev netdev fuse debian-tor scanner lp lpadmin vboxsf"
And the live user is a member of only its own group and "audio cdrom dialout floppy video plugdev netdev fuse scanner lp lpadmin vboxsf"
And the live user owns its home dir and it has normal permissions
Scenario: No initial network
......
......@@ -334,7 +334,7 @@ EOF
end
def has_process?(process)
return execute("pidof " + process).success?
return spawn("pidof " + process).success?
end
def save_snapshot(path)
......
......@@ -804,7 +804,15 @@ probably would not want this due to the added consumption of
bandwidth. The user can nevertheless easily choose to turn his or her
Tor client into a relay, thanks to the Vidalia graphical user
interface.
If a compromised software had access to the Tor control port,
an attacker who controls it could simply ask Tor the public
IP through the `GETINFO address` command.
To prevent this, access to the Tor control port is only
granted to the vidalia user, who is running Vidalia.
- [[!tails_gitweb chroot_local-hooks/06-adduser_vidalia]]
- [[!tails_gitweb chroot_local-includes/usr/local/sbin/restart-vidalia]]
- [[!tails_gitweb chroot_local-includes/etc/tor/torrc]]
### 3.6.3 DNS
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment