Jump to content
Login new information ×
Login new information
  • Software News

    Tails Linux introduces reforms in security audit postmortem to make you safer

    Karlston

    By Karlston,
    Published Date:

    • 58 views
    • 2 minutes
     Share
    • 58 views
    • 2 minutes

    Alongside the release of Tails 6.11 earlier this year, the Tails Project revealed that Radically Open Security was auditing the Tails operating system to better protect users. The audit has now concluded and no remote code vulnerabilities were found.

     

    The only issues that were found required a compromised low-privileged amnesia user, which is the default account in Tails. Luckily for users, the Tails developers are quick on their toes and asked for information about the vulnerabilities before the report was published and released fixes for the discovered issues, which users now already enjoy.

     

    Here’s an overview of what was fixed:

     

    ID Impact Description Issue Status Release

    OTF-001

    High

    Local privilege escalation in Tails Upgrader

    		#20701 Fixed 6.11

    OTF-002

    High

    Arbitrary code execution in Python scripts

    		#20702 Fixed 6.11
          #20744 Fixed 6.12

    OTF-003

     

    Moderate

     

    Argument injection in privileged GNOME scripts

    		#20709 Fixed 6.11
          #20710 Fixed 6.11

    OTF-004

     

    		Low

    Untrusted search path in Tor Browser launcher

    		#20733 Fixed 6.12

     

    Following the fixing of the bugs, the Tails team also did a postmortem of the audit to find out what cultural things need to change and which technical things need to be changed that had a role in allowing the entry of bugs into the operating system in the first place.

     

    The major cultural change that Tails has adopted is how it shares vulnerabilities with the public. So far, it said it has been too secretive about vulnerabilities, but going forward, has adopted the security issue response policy based on the policy of the Tor Project’s Network Team.

     

    It also found that refactoring large amounts of code can also be a way in for security bugs so from now on it will be more intentional and only do large refactoring when it’s worth the effort and risk.

     

    For anyone running Tails, these are extremely positive developments. Tails is used by all sorts of people for sensitive work, so knowing that it’s being proactive on security is reassuring.

     

    Source: Tails

     

    Source

    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every day for many years.

    News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of April): 1,811

    RIP Matrix | Farewell my friend  :sadbye:

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...