Hi,
while discussing the usefulness of delaying Tails 0.18 due to a local
root privilege escalation bug, Julien Voisin pointed me at potential
deanonymization attacks one may conduct against Tails users, once
given the right to run arbitrary code as the desktop (`amnesia') user.
I've quickly summed up our (very preliminary) thoughts on a ticket so
that this does not get lost:
https://tails.boum.org/todo/investigate_deanonymization_potential_by_the_desktop_user/
Julien says he might have time to go on investigating this in a week,
but I'm sure he won't mind if someone else starts working on this.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc