On 7/26/14, sajolida@??? <sajolida@???> wrote:
> intrigeri wrote:
>> So, the main goals I have in mind are:
>>
>> 1. making it harder, for an attacker who compromises I2P running in
>> Tails, to upgrade their attack to anything non-I2P;
>>
>> 2. making it harder, for someone attacking a Tails user's web
>> browsing over Tor, to take advantage of bugs in the I2P router
>> console;
>>
>> 3. protecting the Tails users who don't intend to use I2P at all,
>> from vulnerabilities in I2P, by making it harder, for an attacker,
>> to start I2P in Tails, or to trick a user into doing it.
>>
>> Regarding #3, I think we should replace the sudo credentials that
>> allow the `amnesia' user to start I2P, with an I2P option in Tails
>> Greeter. I assume the new Greeter that's currently being worked on would
>> allow this.
>>
>> * If we keep I2P without adding any protection immediately, when do
>> we expect *which* protections to be ready? (reality check: we won't
>> have AppArmor before October; I guess the Greeter won't be ready
>> earlier either)
>
> Regarding the "when", if we decide to do a first temporary step by
> having an "i2p" boot option instead of an option in the Greeter, then we
> don't have to wait for the new Greeter... It feels a bit like going
> backward regarding our plans on the Greeter but we've been doing that
> for truecrypt forever and the doc is ready... That could be ready for
> Tails 1.1.1, no?
>
A boot option seems like a fine way to fix things quickly without
actually harming the needs of actual i2p users. I wonder though if
that also means that the firewall would be locked down by default?

All the best,
Jacob