Get critical parts of Tails audited
It would be nice to have to following parts or Tails audited:
- Audit whatever upgrade mechanism we replace the current Tails
Upgrader with in the “Rethink upgrade/installation” effort (possible
in ~2 years probably).
- Audit the current implementation of Tails Upgrader. (Low prio since it will be obsoleted by the above point. ~1 kLoC of perl (but big parts are irrelevant since it is about generating IUKs.) - Audit Tails Security Check (config/chroot_local-includes/usr/local/bin/tails-security-check, ~200 LoC.)
- Torification escapes for the Live user and other critical users
- Persistence
- Arbitrary persistence by the Live user
- Permissions of the device and data of the persistent device (Audit should be less than a day) - Audit anonym’s Thunderbird auto-config patches (Javascript, 9 files changed, 254 insertions(+), 99 deletions(-).)
Related issues
- Related to #7465
- Related to #11051 (closed)
Original created by @jvoisin on 14508 (Redmine)