[Tails-dev] [urgent] Tails 0.12 test results (we've got a po…

Borrar esta mensaxe

Responder a esta mensaxe
Autor: anonym
Data:  
Para: The T(A)ILS public development discussion list
Asunto: [Tails-dev] [urgent] Tails 0.12 test results (we've got a potential blocker)
Hi,

Today I've been testing (what I thought was) the final 0.12 build, but
beyond the usual minor annoyances that I've been reporting for a few
releases now there's a regression with Claws Mail (see below). I suppose
this could be called a blocker, but I'd like input on it. No matter what
this will probably delay the 0.12 release until tomorrow. Ah well...

> # Iceweasel
>
> * Does playing HTML5 videos work? In particular, (due to its
> popularity) do [youtube](http://www.youtube.com) videos work?


Like in 0.11, I cannot click the element placeholder to enable HTML5
youtube videos. I have to click the noscript toolbar button -> blocked
objects -> temporarily allow <object>, to make it work. Which <object>
is the correct one is non-obvious.

> # Tor enforcement
>
> * firewall: is IPv6 traffic blocked?
>  - at a place with working IPv6: try connecting to a known-working
>    IPv6-enabled server on its IPv6 address over TCP and icmp6.


Couldn't test.

> # Claws
>
> * Check that the profile works and is torified (specifically the
> EHLO/HELO SMTP messages it sends). Send an email using Claws and a
> non-anonymizing SMTP relay. Then check that email's headers once
> received, especially the `Received:` and `Message-ID:` ones.
> * Also check that the EHLO/HELO SMTP message is not leaking anything
> with a packet sniffer: start Claws using the panel icon (which runs
> `torify claws-mail`) to
> avoid using the transparent proxy (which will confuse tcpdump).
> Disable SSL/TLS for SMTP in Claws (so take precautions for not
> leaking your password in plaintext by either changing it temporarily
> or using a disposable account). Then run `sudo tcpdump -i lo -w
> dump` to capture the packets before Tor encrypts it, and check the
> dump for the HELO/EHLO message and verify that it only contains
> `localhost`.


We have a regression here. EHLO/HELO messages leaks the hostname
('amnesia'), resulting in '*@amnesia' Message IDs, and 'amnesia' in
the last Received field. I managed to track down the culprit: torsocks.
We start claws-mail with torify, which uses torsocks over tsocks.
Switching back to tsocks, like in 0.11 and previous releases, fixes the
leak.

Once an account has been created, the problem can be fixed by setting:

    set_domain=1
    domain=localhost


in accountrc. Unfortunately we get:

    set_domain=0
    domain=


no matter what's put in accountrc.tmpl ('set_domain' isn't supported in
templates, and 'domain' is only used in the wizard for guessing the
email address, the servers' hostnames etc.).

Should we call this a blocker? If so, since torsocks apparently behaves
worse than tsocks in this respect I believe the right course of action
is to revert 7f7cd4e (Merge branch 'feature/torsocks' into devel).
Otherwise, I'm unsure of how to make torsocks play nicely with Claws
Mail, but perhaps some one else has a better solution?

[1] todo/applications_audit/claws_mail/

> # Whisperback
>
> * can a bug report e-mail be sent?


Eventually, yes. I got this error quite a few times:

"Unable to create or to send the mail. [...] peer certificate is
invalid"

Hm? Also it seems that some of them were sent any way, despite the error.

> # erase memory on shutdown
>
> Testing that the needed files are really mapped in memory, and the
> erasing process actually works, involves slightly more complicated
> steps that are worth [[a dedicated page|test/erase_memory_on_shutdown]].


Bad results as expected.

The following tests has not been done yet:

> # USB Installer/Upgrader
>
> The installed or upgraded Tails medium shall be successfully booted
> after each of the following tests.
>
> * Test "Clone & Install":
>   - onto a USB stick that has a MBR partition table, and no
>     partition at all (regression test)
>   - onto a USB stick that already has an old-fashioned hybrid cat'd
>     Tails on it
> * Test "Clone & Upgrade" (onto a USB install containing an older
>   Tails):
>   - onto a USB stick that already has a old-fashioned cat'd hybrid
>     Tails on it: should warn this action is not supported, and direct
>     the user to the "Clone & Install" operation mode.
> * Test "Upgrade from ISO".
>   - make sure to test that TailsData partitions survive upgrades.
> * Test "emergency shutdown on boot medium removal" feature, on Tails
>   system installed by this installer.

>
> # Persistence
>
> * Turn off some persistence presets, reboot, and make sure they are
> not activated.


Cheers!