On 8/7/15, intrigeri <intrig...@boum.org> wrote:
> Jacob Appelbaum wrote (07 Aug 2015 10:37:25 GMT) :
>> I've heard that the exploit in the wild doesn't work against esr31 - I
>> haven't heard that it isn't impacted at all.
>
> Mozilla folks have explicitly written on their "enterprise" list that
> FF31 is not affected.

By the exploit, as I understood things? I could be mistaken and probably am mistaken. I've heard that the vulnerable code is in FF31 - I haven't looked myself yet.

>
>> ( I think the apparmor profile may contain some of the worst aspects
>> but only until an attacker figures out how to make a hard link.
>
> May you please elaborate on the hardlink aspect? It rings a bell, but
> I don't remember the specifics.

If you hard link a file say, /home/amnesia/.gnupg/secring.gpg into ~/Tor Browser/secring.gpg - you can read it with Tor Browser. AppArmor uses file paths to constrain things. That second file path is allowed by the sandbox, even though the file is also "outside" of that path, AppArmor has no clue.

You can test this by doing the following:

    mkdir ~/OUTOFSANDBOX/
    touch ~/OUTOFSANDBOX/apparmor.txt
    echo "out of sandbox" >> ~/OUTOFSANDBOX/apparmor.txt
    ln ~/OUTOFSANDBOX/apparmor.txt ~/Tor\ Browser/apparmor.txt

If you then want to read that ( ~/Tor\ Browser/apparmor.txt ) file with Tor Browser - it will work.

Reading the policy for Tor Browser on Tails 1.4.1 - I see the following relevant entries:

    owner "@{HOME}/Tor Browser/" rw,
    owner "@{HOME}/Tor Browser/**" rwk,
    owner "@{HOME}/Persistent/Tor Browser/" rw,
    owner "@{HOME}/Persistent/Tor Browser/**" rwk,
    owner "/live/persistence/TailsData_unlocked/Persistent/Tor Browser/" rw,
    owner "/live/persistence/TailsData_unlocked/Persistent/Tor Browser/**" rwk,
    owner @{HOME}/.mozilla/firefox/bookmarks/places.sqlite rwk,
    owner /live/persistence/TailsData_unlocked/bookmarks/places.sqlite rwk,
    owner @{HOME}/.tor-browser/profile.default/ r,
    owner @{HOME}/.tor-browser/profile.default/** rwk,

Note that none of those include the flag "l" - which is what is required to make a hard link. That was why I said "until an attacker figures out how to make a hard link"; if such a hardlink were made, they'd be able to read the contents of the linked file. That is all that I meant with my comment. AppArmor is useful but has some rough edges.

All the best,
Jacob
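
An audit sketch for the gap described in the message above, added here as an example and not part of the original email or of Tails: it checks a set of profile rules for the "l" permission and lists files in an allowed directory that also have a name outside it. The function names (page_rules, rules_with_link_perm, outside_names) are hypothetical, the rules are a subset copied from the message, and GNU or BSD find is assumed for -samefile.

```shell
#!/bin/sh
# Added example: audit helpers for the hard-link gap in path-based confinement.
# Function names are hypothetical; the rules below are copied from the message.

# A subset of the rules quoted in the message, one per line.
page_rules() {
cat <<'EOF'
owner "@{HOME}/Tor Browser/" rw,
owner "@{HOME}/Tor Browser/**" rwk,
owner "@{HOME}/Persistent/Tor Browser/**" rwk,
owner @{HOME}/.tor-browser/profile.default/ r,
owner @{HOME}/.tor-browser/profile.default/** rwk,
EOF
}

# Print the rules read on stdin whose permission field contains "l" (link).
# The permission field is the last whitespace-separated token, minus the comma.
rules_with_link_perm() {
    awk '{ mode = $NF; sub(/,$/, "", mode)
           if (mode ~ /^[A-Za-z]+$/ && mode ~ /l/) print }'
}

# For every regular file under ALLOWED that has more than one name, print
# "inside-name <- outside-name" for each other name found under ROOT.
# Hard links cannot cross filesystems, so -xdev keeps the search bounded.
outside_names() {
    allowed=$1
    root=$2
    find "$allowed" -xdev -type f -links +1 -print |
    while IFS= read -r f; do
        find "$root" -xdev -samefile "$f" ! -path "$allowed/*" -print |
        while IFS= read -r other; do
            printf '%s <- %s\n' "$f" "$other"
        done
    done
}
```

On the system being audited, `outside_names "$HOME/Tor Browser" "$HOME"` reports any file in the browser's allowed directory that is also reachable under another path in the home directory.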