22 January 2013. Add response from A2.
21 January 2013
Tails Linux version 0.16 - Firewall Disabling Script Waits For Exploitation
A sends:
Tails Linux version 0.16 - Firewall Disabling Script Waits For Exploitation
"If you're running Tails version 0.15 or 0.16, please locate and delete
the following file each session:
/usr/local/sbin/do_not_ever_run_me
The file, if run with correct permissions, will completely disable your firewall!
So much for the idea that Tails always routes everything through Tor! Where
this news has been posted and comments allowed, mysterious
anonymous users have expressed their low-brow intelligence, leaving
comments such as, "Well, you need to be root to run it so it doesn't
matter; if you have root you can do anything!"
First of all, a file called do_not_ever_run_me shouldn't
be on a Linux system. If it should NEVER BE RUN, and that means by anyone,
root or user, local or remote, it SHOULD NOT BE INCLUDED IN THE DISTRIBUTION!
Any current or future exploit which targets this file will drop the
shields for the Tails user.
Perhaps Tails itself in its next version, 0.17, should be nicknamed,
do_not_ever_run_me.
Another questionable decision by the Tails developers is to place the following
line within the torrc file (located at /etc/tor/torrc):
## We don't care if applications do their own DNS lookups since our Tor
## enforcement will handle it safely.
WarnUnsafeSocks 0
Oh, really? We don't care? Who is "we"? It's not me! As the man page
for Tor states, this is set to 1 by default, yet Tails sets it to 0! So
if something leaks, you will never know it? Each session, delete
this line or comment it out so the default is 1, like it should be for a Tor
session.
What else can we find in this anonymously developed distribution? I'm
glad I'm not driving a car with software made by this group of developers."
aka: Tails 0.16 lower shields
src: anonymous
reply: no, throwaway acct
22 January 2013
A2 sends:
As a former Tails developer
(https://tails.boum.org) I feel obliged
to respond to the allegations on http://cryptome.org/2013/01/tails-exploit.htm.
The file do_not_ever_run_me indeed does nothing that a root user cannot
accomplish himself. The Tails operating system disables login as root unless
the user explicitly specifies a root password at boot time.
The file exists to allow expert users of Tails to temporarily disable certain
firewall rules for testing or other purposes where the user needs the firewall
rules disabled.
That said, the file isn't a security risk at all. Just as no one can prevent
a Tails/Tor user from disclosing his identity online at will, no one can prevent
a user from executing the file or disabling the firewall himself by enabling root
access at Tails boot time and issuing the commands to drop the iptables rules
himself.
Tails even includes a separate non-safe browser for situations where it
is required to browse the web without Tor, e.g. when the user connects to
a public Wireless Access Point that reroutes all traffic to a login page,
which obviously can't be accessed with Tor as long as the user isn't logged
in and the AP prevents unlogged users from connecting to the Internet (and the
Tor network).
To put it in other words: if a user decides to enable root access in Tails
(which is disabled by default), he can do anything he wants anyway. The file
does nothing but issue the very same commands to drop the firewall rules
that the root user can issue himself manually at any time in the console.
Also, as the file is not linked in the menu or anywhere else where it could
be easily accessible, there is no possibility that a user runs it accidentally
(which isn't possible anyway, as root access is disabled by default).
Regarding the Tor parameter "WarnUnsafeSocks 0", it appears to me the original
poster on your web site has a misconception about how Tor and Tails work.
The Tor manual says:
"When WarnUnsafeSocks is enabled, Tor will warn whenever a request is received
that only contains an IP address instead of a hostname. Allowing applications
to do DNS resolves themselves is usually a bad idea and can leak your location
to attackers. (Default: 1)"
When a user accesses a web service, he usually uses the domain name (e.g.
google.com) instead of the IP address. The computer uses DNS to look up the
matching IP address for the domain name (very much like a telephone directory).
Years ago, many applications that offered SOCKS proxying of their traffic
routed all data to the SOCKS proxy, but did DNS lookups themselves without
using the proxy. For example, when sending a mail, the mail program would
send the mail using the proxy, but look up the IP address of the mail server
without using the proxy. Such behaviour would expose the accessed domain
names of the user to a wiretapper and the IP address of the user to the DNS
server.
Nowadays, while there are still applications that do the DNS lookups directly
even when they are configured to use a proxy, most popular programs use the
proxy for DNS lookups. That's what the Tor parameter is for. It warns the
user whenever an application uses an IP address directly, which usually is
the case when the application has already resolved the domain name to the matching
IP address itself without using the proxy (in this case Tor).
As user applications in Tails *cannot* do DNS requests (or any other
requests/traffic) outside Tor, this parameter is not required.
Besides that, the parameter was only recently introduced in Tor (0.2.2.14-alpha).
I hope to have clarified the issue a bit.
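The condition A2 describes, a SOCKS request carrying an IP literal because the client already resolved the name outside the proxy, is what WarnUnsafeSocks flags. The following is an added example (not code from Tor, Tails, or either correspondent) that parses SOCKS4, SOCKS4a and SOCKS5 CONNECT request frames and reports the same condition. The function names `parse_socks_request` and `warn_unsafe_socks` are this example's own, and the sample request bytes are constructed by hand rather than captured from any client; the SOCKS5 method-negotiation handshake is assumed to have already taken place.

```python
"""Classify SOCKS CONNECT requests by whether the client sent an IP literal
(it resolved the name itself, outside the proxy) or a hostname (the proxy
resolves it).  This is the condition Tor's WarnUnsafeSocks option warns
about.  Added example, not Tor or Tails code; sample frames are constructed."""

import ipaddress
import struct
from typing import Optional


def parse_socks_request(data: bytes) -> dict:
    """Parse one SOCKS CONNECT request frame.

    Returns {'version', 'dest', 'port', 'dest_is_ip'}.  Handles SOCKS4
    (IPv4 literal), SOCKS4a (hostname after USERID) and SOCKS5 with
    ATYP 1 (IPv4), 3 (domain name) or 4 (IPv6).
    """
    if len(data) < 2:
        raise ValueError("truncated request")
    ver = data[0]

    if ver == 4:
        # SOCKS4: VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, USERID NUL [HOST NUL]
        if len(data) < 9 or data[1] != 1:
            raise ValueError("unsupported SOCKS4 request")
        port = struct.unpack("!H", data[2:4])[0]
        ip = data[4:8]
        rest = data[8:]
        nul = rest.find(b"\x00")
        if nul < 0:
            raise ValueError("missing USERID terminator")
        after_user = rest[nul + 1:]
        # SOCKS4a marker: DSTIP is 0.0.0.x with x != 0, hostname follows USERID
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            nul2 = after_user.find(b"\x00")
            if nul2 < 0:
                raise ValueError("missing hostname terminator")
            host = after_user[:nul2].decode("ascii")
            return {"version": 4, "dest": host, "port": port, "dest_is_ip": False}
        return {"version": 4, "dest": str(ipaddress.IPv4Address(ip)),
                "port": port, "dest_is_ip": True}

    if ver == 5:
        # SOCKS5: VER=5, CMD=1 (CONNECT), RSV, ATYP, DST.ADDR, DST.PORT
        if len(data) < 4 or data[1] != 1:
            raise ValueError("unsupported SOCKS5 request")
        atyp = data[3]
        if atyp == 1:
            dest, end, is_ip = str(ipaddress.IPv4Address(data[4:8])), 8, True
        elif atyp == 4:
            dest, end, is_ip = str(ipaddress.IPv6Address(data[4:20])), 20, True
        elif atyp == 3:
            n = data[4]
            dest, end, is_ip = data[5:5 + n].decode("ascii"), 5 + n, False
        else:
            raise ValueError("unknown SOCKS5 address type %d" % atyp)
        if len(data) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        port = struct.unpack("!H", data[end:end + 2])[0]
        return {"version": 5, "dest": dest, "port": port, "dest_is_ip": is_ip}

    raise ValueError("unsupported SOCKS version %d" % ver)


def warn_unsafe_socks(data: bytes) -> Optional[str]:
    """Return a warning string for IP-literal requests, None for hostnames.

    Mirrors what Tor logs when WarnUnsafeSocks is 1: an IP literal usually
    means the application resolved the name itself, bypassing the proxy."""
    req = parse_socks_request(data)
    if req["dest_is_ip"]:
        return ("warning: SOCKS%d request for IP literal %s:%d "
                "(application likely did its own DNS lookup)"
                % (req["version"], req["dest"], req["port"]))
    return None


# Constructed sample frames (not captured traffic); 192.0.2.0/24 and
# 2001:db8::/32 are documentation ranges.
SAMPLES = {
    "socks4_ip": b"\x04\x01" + struct.pack("!H", 443)
                 + bytes([192, 0, 2, 10]) + b"user\x00",
    "socks4a_host": b"\x04\x01" + struct.pack("!H", 443)
                    + b"\x00\x00\x00\x01" + b"user\x00" + b"example.com\x00",
    "socks5_domain": b"\x05\x01\x00\x03" + bytes([len(b"example.com")])
                     + b"example.com" + struct.pack("!H", 443),
    "socks5_ipv6": b"\x05\x01\x00\x04"
                   + ipaddress.IPv6Address("2001:db8::1").packed
                   + struct.pack("!H", 80),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", warn_unsafe_socks(raw) or "ok: hostname sent to proxy")
```

In Tails the firewall makes the warning redundant, as A2 says, because a lookup done outside Tor is dropped rather than leaked; on a host where only the application's proxy setting stands between it and the network, the same classification is the difference between a hostname the proxy resolves and a leak that has already happened.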