Hi,
Jacob Appelbaum wrote (27 Jul 2014 14:24:53 GMT) :
> On 7/27/14, intrigeri <intrigeri@???> wrote:
>>> How shall we scope the audit? What do you have in mind?
>>
>> Everything that relies on privilege separation (see sudo
>> configuration) could be worth looking at. In particular, I'm thinking
>> of the incremental upgrades security design and implementation.
> I'm happy to look at the sudo rules but I don't know very much about
> the incremental upgrades. If you want to talk about it, I'm certainly
> open to looking into it.
The incremental upgrades design is pretty well documented [1] if one
asks me, and it includes a security discussion.
I've no experience with how one shall audit such a complex system, but
I guess that the first step would be to review the design in
isolation, then to verify that the implementation does what the design
doc says, and then try and find implementation-specific issues.
Note that we're aware of certain limitations that are not worth
reporting again, unless there's new info regarding their severity: see
the tickets with the "Incremental upgrades" category on Redmine.
[1] https://tails.boum.org/contribute/design/incremental_upgrades/
Cheers,
--
intrigeri