Re: [Tails-dev] Fwd: Re: Reducing attack surface of kernel a…

Delete this message

Reply to this message
Autore: intrigeri
Data:  
To: The Tails public development discussion list
Oggetto: Re: [Tails-dev] Fwd: Re: Reducing attack surface of kernel and tightening firewall/sysctls
Jacob Appelbaum wrote (14 Feb 2016 13:04:58 GMT) :
> I feel a bit sad to see this rehashed. Please just drop all packets on
> the floor?


> People who use Tails and expect it to keep them safely torified are
> likely still vulnerable to things we wrote in our paper (vpwned).
> Allowing users by default to make non-tor connections, except for
> specific pluggable transports or dhcp, will probably ensure that
> variations on the disclosed issues stay relevant.


> If a user wants to use a printer or touch the local subnet, why not
> make them jump through a (`sudo unsafe-network-unlock`) hoop? Why
> leave every other user vulnerable by default?


I think you're confusing this thread with another one,
that is totally orthogonal as I see it.

Cheers,
--
intrigeri