On 8/8/15, intrigeri <intrig...@boum.org> wrote: > Hi, > > Jacob Appelbaum wrote (07 Aug 2015 12:33:10 GMT) : >> If you hard link a file say, /home/amnesia/.gnupg/secring.gpg into >> ~/Tor Browser/secring.gpg - you can read it with Tor Browser. AppArmor >> uses file paths to constrain things. That second file path is allowed >> by the sandbox, even though the file is also "outside" of that path, >> AppArmor has no clue. > > Right, thanks for refreshing my memories :)
Sure thing. > >> Reading the policy for Tor Browser on Tails 1.4.1 - I see the >> following relevant entries: >> [...] >> Note that none of those include the flag "l" - which is what is >> required to make a hard link. That was why I said "until an attacker >> figures out how to make a hard link"; if such a hardlink were made, >> they'd be able to read the contents of the linked file. That is all >> that I meant with my comment. AppArmor is useful but has some rough >> edges. > > OK. I've filed https://labs.riseup.net/code/issues/9949 about it, and > after an initial evaluation of our current AppArmor policy, it seems > everything is good... except the I2P confinement, but that one is > still WIP (#7724), and the version we currently ship should merely be > regarded as a technology preview, that's only marginally better > than nothing. > Ok. > It would be awesome if someone double-checked my findings. E.g. > the regexp I've used might be buggy and miss some problematic rules. > Jacob, perhaps? > I wouldn't call it an audit but I agree with your initial findings. All the best, Jacob _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
