Silk Road forums

Discussion => Security => Topic started by: Nuggz on January 24, 2013, 04:41 am

Title: Warning! Tails 0.15 and .16 Firewall Disabling Script Waits For Exploitation
Post by: Nuggz on January 24, 2013, 04:41 am
Quote
Tails Linux version 0.16 - Firewall Disabling Script Waits For Exploitation

"If you’re running Tails version 0.15 or 0.16, please locate and delete the following file each session:

/usr/local/sbin/do_not_ever_run_me

The file, if run with correct permissions, will completely disable your firewall! So much for the idea that Tails always routes everything through Tor! Where this news has been posted and comments allowed, mysterious “anonymous” users have expressed their low brow intelligence leaving comments such as, “Well you need to be root to run it so it doesn’t matter, if you have root you can do anything!”

You can read the rest of the article here:
http://cryptome.org/2013/01/tails-exploit.htm

Comments?
Title: Re: Warning! Tails 0.15 and .16 Firewall Disabling Script Waits For Exploitation
Post by: astor on January 24, 2013, 04:50 am
A Tails developer responds in the next message on the link you posted.

Pretty much, if someone roots your copy of Tails, they can disable the firewall anyway, by either shutting down iptables or flushing the rules.

Even worse, they can copy all your super secret files like your PGP private keys.

I haven't seen the script, but I accept the explanation that it makes certain firewall operations easier for someone who wants to muck around with Tails as root. However, an adversary with root privileges can fuck you way harder than that script can.
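Added example, not part of the thread or of Tails: a check for the state described in the post above (policies opened, rules flushed), run over `iptables-save` output. The default-deny baseline, the function name `fw_audit` and both sample dumps are assumptions constructed for illustration.

```shell
# Added example: reads `iptables-save` output on stdin and reports each built-in
# filter chain. Assumed baseline (not the real Tails ruleset): policy DROP.
fw_audit() {
    awk '
        /^\*/  { table = substr($1, 2) }            # "*filter", "*nat", ...
        table != "filter" { next }
        /^:/   { policy[substr($1, 2)] = $2; next } # ":OUTPUT DROP [0:0]"
        /^-A / { rules[$2]++ }                      # "-A OUTPUT ..."
        END {
            n = split("INPUT OUTPUT FORWARD", want, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                c = want[i]
                if (!(c in policy))           { p = "-"; state = "MISSING"; bad = 1 }
                else if (policy[c] != "DROP") { p = policy[c]; state = "OPEN"; bad = 1 }
                else                          { p = policy[c]; state = "default-deny" }
                printf "%s policy=%s rules=%d %s\n", c, p, rules[c] + 0, state
            }
            exit bad   # non-zero when any chain is open or absent
        }'
}

# Constructed sample: a default-deny ruleset (uid 1001 is a placeholder).
sample_enforcing() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner 1001 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: policies set to ACCEPT and all rules flushed.
sample_flushed() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_flushed | fw_audit || echo "firewall is NOT default-deny"
```

On a live system the input would be `iptables-save` run as root; as the thread points out, anyone who already has root can change the rules and this check alike.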
Title: Re: Warning! Tails 0.15 and .16 Firewall Disabling Script Waits For Exploitation
Post by: kmfkewm on January 24, 2013, 10:54 am
I can't believe they even posted that nonsense on Cryptome. Urgent!!! Someone who roots you can disable your firewall!!! Someone who roots you can force Tor to use their entry guard and get your IP address that way. Tails really isn't designed to strongly protect you from hackers getting your real IP address if they hack you, especially not if they root you. Pretty much the only way to protect your IP address from someone who roots you is to have Tor running on a separate machine (or the host, if you are using a virtual machine) and forcing all of your traffic through that machine's Tor (or Tor on the host), and only having an internal IP address assigned to the non-Tor machine.
Title: Re: Warning! Tails 0.15 and .16 Firewall Disabling Script Waits For Exploitation
Post by: sourman on January 24, 2013, 01:12 pm
Dafuq?? That's like saying an admin account disabling the Windows firewall from control panel is an exploit. At first I thought it was a local privilege escalation thing, which is kind of moot anyway unless you're a business or need multiple user accounts for some reason.
Title: Re: Warning! Tails 0.15 and .16 Firewall Disabling Script Waits For Exploitation
Post by: astor on January 24, 2013, 02:04 pm
I can't believe they even posted that nonsense on Cryptome.

That's not the first time I've seen Cryptome sensationalize a security (non)issue -- or at least repost someone else's sensationalizing.
Title: Re: Warning! Tails 0.15 and .16 Firewall Disabling Script Waits For Exploitation
Post by: Nightcrawler on January 24, 2013, 06:37 pm
I can't believe they even posted that nonsense on Cryptome.

That's not the first time I've seen Cryptome sensationalize a security (non)issue -- or at least repost someone else's sensationalizing.

John tends not to editorialize -- he lets the content speak for itself.

Nightcrawler <Nightcrawler@SR>
PGP-Key: 4096R/BBF7433B 2012-09-22
Key fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433B
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
Title: Re: Warning! Tails 0.15 and .16 Firewall Disabling Script Waits For Exploitation
Post by: samcrow on January 25, 2013, 01:36 pm
So,

Use Tails 0.16 now or not? And if yes, what changes do I have to make to stay safe?

Thanks for info guys
Title: Re: Warning! Tails 0.15 and .16 Firewall Disabling Script Waits For Exploitation
Post by: Nuggz on January 25, 2013, 06:35 pm
It appears the general consensus is that you are safe. If you want to be on the more cautious side you could delete that file (in the OP) each time you start Tails.
While it is true you need root access to run that file, the real question is why have it there at all. Do the Tails developers use it so frequently that it necessitates being included in the release? Maybe so, but it seems like a tool that could also be exploited.