Re: [Tails-dev] ISO verification

このメッセージを削除

このメッセージに返信
著者: Giorgio Maone
日付:  
To: The Tails public development discussion list
題目: Re: [Tails-dev] ISO verification
On 07/07/2015 18:06, intrigeri wrote:
>>>> Are you saying that any other website that's been loaded in the
>>>> current session could alter the result of this verification?
>>>> That sounds very bad...
>>> That is what I would assume until some experts in this field tell me
>>> that browsers are safe about this. I guess this has been done
>>> elsewhere in this thread (still not finished reading it), otherwise
>>> you would have switched strategies since then.
>> Yes, that's
>> https://mailman.boum.org/pipermail/tails-dev/2015-April/008648.html I think.
> In that thread, the only answers that are potentially relevant to the
> question at hand are:
>
>  * a message by Giorgio, who addresses mostly off-topic concerns
>    someone else posted, but doesn't answer your questions;
>  * a message by Kathleen, who wrote "absent a bug in Firefox or Tor
>    Browser, other web pages should not be able to interfere"... after
>    stating that "Mark and I do not have a lot of expertise in threat
>    modeling"

>
> JFTR, assuming that you're basing your assessment on that second
> reply, I personally find it half-convincing, but giving the timing of
> my feedback here, I will cross fingers instead of insisting (I already
> feel half pissed off and half guilty wrt. how pushy I've been on this
> topic, so it's time for me to stop).
>

I'm sorry: I must have forgot to address this, or just deemed Kathleen's
(correct) answer could suffice, underestimating the uncertainty effect
of her "should" and "not a lot of expertise" clauses.
So, just to be clear, *web pages cannot interfere in any way* with the
result of the verification performed by the browser add-on, except if
there are bugs in the add-on itself (very unlikely, since its code is
gonna be relatively simple and high-level) or in the hosting browser
(less unlikely, as we know that sh*t happens) .
However such a bug would need to be of the "remote code execution
vulnerability" kind, which represents a much more immediate and
worrisome threat than "ability to tamper with an ISO which might or
might not be installed later".
This said as an expert of browser technology and web security :)

-- G