Re: [Tails-dev] Fwd: Re: Reducing attack surface of kernel a…

Delete this message

Reply to this message
Autore: Jacob Appelbaum
Data:  
To: tails-dev
Oggetto: Re: [Tails-dev] Fwd: Re: Reducing attack surface of kernel and tightening firewall/sysctls
On 2/12/16, intrigeri <intrigeri@???> wrote:
> Hi,
>
> Jurre van Bergen wrote (11 Feb 2016 16:46:47 GMT) :
>> Forwarding e-mail.
>
> Thanks :)
>
>> Date:     Thu, 11 Feb 2016 12:28:35 +0100
>> From:     Cornelius Diekmann <diekmann@???>

>
>> A conservative change to the tails config would be to keep an RELATED
>> rule but limit it to known good ICMP messages.
>
> Yes, this was proposed on the thread; in the email you're replying to
> I explained why I didn't pick this option, mainly because no (pseudo-)
> implementation thereof has been proposed nor discussed yet.


I feel a bit sad to see this rehashed. Please just drop all packets on
the floor?

People who use Tails and expect it to keep them safely torified are
likely still vulnerable to things we wrote in our paper (vpwned).
Allowing users by default to make non-tor connections, except for
specific pluggable transports or dhcp, will probably ensure that
variations on the disclosed issues stay relevant.

If a user wants to use a printer or touch the local subnet, why not
make them jump through a (`sudo unsafe-network-unlock`) hoop? Why
leave every other user vulnerable by default?

All the best,
Jacob