Re: [Tails-dev] Unique Hardware Information

This message is part of the following thread:
Mthe complete thread tree sorted by date
Mtemp238353 at <-
 
Delete this message

Reply to this message
Author: intrigeri
Date:  
To: temp238353
CC: tails-dev
Subject: Re: [Tails-dev] Unique Hardware Information
Hi,

[please don't Cc me, I read the list.]

temp238353@??? wrote (29 May 2015 17:34:44 GMT) :
> If someone can get an shell on Tails, they can get a lot of hardware information
> without root. Dmesg is stopped, but any user can run 'cat /proc/cpuinfo' 'lsusb' and
> 'lspci', which makes it easier to identify the user.

That's right.

> Someone can use something like a Firefox exploit on the unsafe
> browser to get a shell.

Indeed, even our minimal AppArmor confining of some applications
doesn't try very hard to block access to such information.

> Is there a way to stop regular users from getting this info?

I'm afraid this can't be really fixed without switching to
a Whonix/Qubes design. This is one of the possible major goals we
might decide to go for in 2016-2018, but it's not been decided yet.

Cheers,
--
intrigeri

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] Release versioningRe: [Tails-dev] Release versioning->
lists.autistici.org administrated by postmasterLurker (version 2.3)