If users are looking for maximum security/privacy from Tails at the possible sacrifice of stability, are they better off habitually using the latest stable version of Tails, or the latest release candidate?

I started to look into the historical data a little bit myself. The Tails news page [1] lists the following security bugs:

1) "Don't grant access to the Tor control port for the desktop user. Else, an attacker able to run arbitrary code as this user could obtain the public IP with a get_info command." (vulnerable in 0.20.1, fixed in 0.21~rc1)

2) "Don't allow the desktop user to directly change persistence settings. Else, an attacker able to run arbitrary code as this user could leverage this feature to gain persistent root access, as long as persistence is enabled." (vulnerable in 0.20.1, fixed in 0.21~rc1)

3) "Numerous security holes in Tails 0.20" (vulnerable in 0.20, fixed in 0.20.1, unclear whether it was present or fixed in release candidates in between)

4) "Numerous security holes in Tails 0.19" (vulnerable in 0.19, fixed in 0.20, unclear whether it was present or fixed in release candidates in between)

I also looked at the list of known issues for any release candidates listed on the news page. There were no security-related issues listed there, though that could be an exercise in caution on the part of Tails contributors not to announce known security issues, rather than a lack of known security issues. Also, only 0.21~rc1 and 0.20~rc1 were included on this page.

On the Tails security page [2], there are no headings that call out release candidate versions specifically, but it's not clear that they would necessarily be included on this page.

Based on this limited information, it would appear that release candidates are preferable for security since they sometimes fix security bugs, but are not identified as introducing new ones explicitly. I'd love to hear from any developers or active watchers whether they have experience or advice to the contrary, or are aware of other sets of data that would be helpful in informing an opinion about this.

Thanks!
Kristov

[1] https://tails.boum.org/news/index.en.html
[2] https://tails.boum.org/security/index.en.html
_______________________________________________
Tails-support mailing list
https://mailman.boum.org/listinfo/tails-support
