In March 2023, Radically Open Security conducted a security audit on the major improvements that we released in Tails 5.8 (December 2022) on the Persistent Storage, the Unsafe Browser, and the Wayland integration.

To better protect our users, we addressed most of the security vulnerabilities as soon as they were discovered and reported to us, without waiting for the audit to be complete and public. We can now share with your the final report.

We are proud of the conclusion of the auditors:

Overall, the Tails operating system left a solid impression and addressed most of the concerns of an average user in need of anonymity.

This is particularly evident in the isolation of various components by the developers. For example, the configured AppArmor rules often prevented a significant impact of the found vulnerabilities. Shifting to Wayland was a good decision, as it provides more security by isolating individual GUI applications.

All in all, no serious vulnerabilities were found through the integration into Wayland. Unsafe Browser and Persistent Storage should now be less vulnerable to attack, as all vulnerabilities have been fixed.

The auditors found 6 High, 1 Moderate, 3 Low-severity issues. Another issue was fixed before the actual impact was assessed and so marked as having Unknown severity.

We fixed all these issues as soon as possible and before making them public on our GitLab. The last issue was fixed in 5.14, 3 weeks after it was reported to us.

As good as the results of this audit are, they also serve as a reminder that no software is ever 100% secure and that every release of Tails can fix critical security vulnerabilities. Your best protection against all kinds of attack is to keep your Tails up-to-date.

Because at Tails we believe that transparency is key to building trust, all the code of our software is public and the results of this audit as well. You can find below a summary of all the issues and their fixes.

Detailed findings

Tor integration

IDIssueDescriptionImpactStatusRelease
TLS-012#19585Leak clear IP as low-privileged user amnesiaHighFixed5.12
TLS-013#19594Local privilege escalation to Tor Connection sandboxHighFixed5.12
TLS-014#19595Local privilege escalation to Tor Browser sandboxModerateFixed5.13
TLS-017#19610Insecure permissions of chroot overlayUnknownFixed5.13

Stockage persistant

IDIssueDescriptionImpactStatusRelease
TLS-003#19546Local privilege escalation in Persistent folder activation hookHighFixed5.11
TLS-004#19547Symlink attack in Persistent folder deactivation hookLowFixed5.11
TLS-005#19548Local privilege escalation in GnuPG feature activation hookHighFixed5.11

Core

IDIssueDescriptionImpactStatusRelease
TLS-001#19464Local privilege escalation in tails-shell-libraryHighFixed5.11
TLS-009#19599Man-in-the-middle attack on onion-grater serviceLowFixed5.13
TLS-011#19576Limited path traversal in tails-documentationLowFixed5.13
TLS-019#19677Local privilege escalation in tailslib leads to arbitrary file readHighFixed5.14