Re: [Tails-dev] ISO verification

Supprimer ce message

Répondre à ce message
Auteur: sajolida
Date:  
À: The Tails public development discussion list
Sujet: Re: [Tails-dev] ISO verification
intrigeri:
> Giorgio Maone wrote (09 Jul 2015 07:22:52 GMT) :
>>> Can a web page (and scripts it may be running) loaded in a given
>>> browser tab interfere in any way with the content of another tab?
>> Only if it's same origin with that tab, or [...]
>
> Thanks a lot for these explanations! This addresses my remaining
> concerns on this topic :)
>
> I guess sajolida will want to capture this reasoning on the blueprint.


I added this in our blueprint with commit 506ef9c, I'll push it soon.

I also guess that we cannot protect from another malicious extension
installed in the same browser. That's now attack [I] for which I wrote
commit 7ae105b:

    We are not considering an attacker who can:


      - [I] Provide a malicious extension in the same browser as this
        would have similar effects than attack [F].


Correct me if I'm wrong.