Re: [Tails-dev] Fwd: Re: Reducing attack surface of kernel a…


Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Fwd: Re: Reducing attack surface of kernel and tightening firewall/sysctls
Hi,

Jacob Appelbaum wrote (14 Feb 2016 13:46:45 GMT) :
> I was specifically replying to this bit:

>>> A conservative change to the tails config would be to keep a RELATED
>>> rule but limit it to known good ICMP messages.

Thanks for explaining. Now I'm lost and still don't understand if your
comment about "just drop all packets on the floor" relates to the
option I explicitly said I didn't pick (I guess not, since it would
not help solve the problem at hand, at least not in a way
I understand, but OTOH you tell me you were _specifically_ replying to
it), or to the option that I did pick (that included a discussion
about effects on LAN use cases, that I suspect are much more likely to
trigger such a reaction from your part). /me confused :/

I'm sick of seeing great, long threads like this one start with
great ideas and bursts of creativity, and never reach a practically
useful conclusion. I want _this_ very thread to reach a conclusion in
the form of a security improvement we can ship to Tails users. This is
what I'm trying to achieve here. I'm sure that we can agree on this,
and I bet that you and I share some of the feelings behind it. I want
the security improvement discussed in this thread to happen ASAP, so
pragmatically, I can't allow myself to block on another, harder
decision, before we move forward here.

This is why we're not going to make a decision _in this thread_ about
the security/usability cursor default position for firewalling of
connections to RFC1918 addresses. We have another thread for that.
I'm unhappy about various aspects of that other thread, and I know you
are too, but it's still our best chance of reaching a useful
conclusion on that matter.

Back to the topic this thread is about.

My preferred option for the problems discussed in this very thread is
essentially the one you proposed initially, just fixed/refined. If we
want to make it happen we need to evaluate/fix the remaining blockers
of this proposal. I would love it if it had already happened a year
ago, and then things would be simple and we could "just" do $this or
$that, but it did not happen back then, so here we are.

I've listed a few potential blockers that are caused by blocking
Destination Unreachable ICMP error messages. One of those is about LAN
use cases. Dropping that specific one from the list of blockers won't
solve the others. So let's not argue about that specific one: it would
only lock each of us into predefined positions and roles, and would
prevent us from moving forward on the broader topic this thread
is about.

So, I humbly suggest that if you personally want to put some more time
into this thread again at this point, you ignore the LAN blocker as
far as this thread is concerned (I'm happy to deal with it myself),
and you instead focus on the other blockers of the proposed solution.

I believe this will be the most useful contribution you can make to
help us work together and turn this thread, which you started a while
ago, into an actual improvement we can ship to Tails users.

Thank you!

Cheers,
--
intrigeri
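The "conservative change" quoted at the top of this message (keep a RELATED rule but limit it to known good ICMP messages), written out as an added example in iptables-restore syntax. This is not code from the thread or from Tails' own firewall configuration (which is written in ferm); the chain layout and the set of "known good" types used here (Destination Unreachable, Time Exceeded, Parameter Problem) are assumptions for illustration, and which of those Tails should really accept is precisely what the remaining blockers in the thread are about.

```shell
#!/bin/sh
# Added example, not Tails' firewall config: the blanket "--ctstate RELATED"
# accept is replaced by RELATED accepts limited to specific ICMP error types.
# Chain names and the chosen ICMP types are assumptions for illustration.

# Print the filter table in iptables-restore format. Kept in a function so the
# text can be inspected or piped to iptables-restore without side effects.
restricted_related_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# The rule being refined: accepts any RELATED packet of any protocol.
#-A INPUT -m conntrack --ctstate RELATED -j ACCEPT
# Destination Unreachable (type 3): carries fragmentation-needed for PMTU
# discovery and port/host unreachable for flows this host initiated.
-A INPUT -p icmp --icmp-type destination-unreachable -m conntrack --ctstate RELATED -j ACCEPT
# Time Exceeded (type 11): TTL expiry on this host's own outbound packets.
-A INPUT -p icmp --icmp-type time-exceeded -m conntrack --ctstate RELATED -j ACCEPT
# Parameter Problem (type 12): a router rejected a header this host sent.
-A INPUT -p icmp --icmp-type parameter-problem -m conntrack --ctstate RELATED -j ACCEPT
COMMIT
EOF
}

# Number of active RELATED accepts that carry an explicit ICMP type.
count_restricted_related() {
  restricted_related_ruleset | grep -v '^#' | grep -- '--ctstate RELATED' \
    | grep -c -- '--icmp-type'
}

# Number of active RELATED accepts with no protocol restriction (expected 0).
count_blanket_related() {
  restricted_related_ruleset | grep -v '^#' | grep -- '--ctstate RELATED' \
    | grep -vc -- '-p icmp' || true
}

# Load the ruleset into the running kernel. Needs root and iptables-restore,
# so it only runs when explicitly requested with --apply.
apply_ruleset() {
  restricted_related_ruleset | iptables-restore
}

if [ "${1:-}" = "--apply" ]; then
  apply_ruleset
fi
```

Run the script with `--apply` as root to load the table; without arguments it does nothing, so the two counting functions can be used to check a ruleset before it is applied. The rules above cover IPv4 only; an IPv6 stack would need the analogous ip6tables rules with `--icmpv6-type` (and ICMPv6 additionally needs Packet Too Big for PMTU discovery), which is outside what the thread discusses.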