- news
- Security audit of Persistent Storage and Tor integration
In March 2023, Radically Open Security conducted a security audit on the major improvements that we released in Tails 5.8 (December 2022) on the Persistent Storage, the Unsafe Browser, and the Wayland integration.
To better protect our users, we addressed most of the security vulnerabilities as soon as they were discovered and reported to us, without waiting for the audit to be complete and public. We can now share with your the final report.
We are proud of the conclusion of the auditors:
Overall, the Tails operating system left a solid impression and addressed most of the concerns of an average user in need of anonymity.
This is particularly evident in the isolation of various components by the developers. For example, the configured AppArmor rules often prevented a significant impact of the found vulnerabilities. Shifting to Wayland was a good decision, as it provides more security by isolating individual GUI applications.
All in all, no serious vulnerabilities were found through the integration into Wayland. Unsafe Browser and Persistent Storage should now be less vulnerable to attack, as all vulnerabilities have been fixed.
The auditors found 6 High, 1 Moderate, 3 Low-severity issues. Another issue was fixed before the actual impact was assessed and so marked as having Unknown severity.
We fixed all these issues as soon as possible and before making them public on our GitLab. The last issue was fixed in 5.14, 3 weeks after it was reported to us.
As good as the results of this audit are, they also serve as a reminder that no software is ever 100% secure and that every release of Tails can fix critical security vulnerabilities. Your best protection against all kinds of attack is to keep your Tails up-to-date.
Because at Tails we believe that transparency is key to building trust, all the code of our software is public and the results of this audit as well. You can find below a summary of all the issues and their fixes.
Detailed findings
Tor integration
ID | Issue | Description | Impact | Status | Release |
---|---|---|---|---|---|
TLS-012 | #19585 | Leak clear IP as low-privileged user amnesia | High | Fixed | 5.12 |
TLS-013 | #19594 | Local privilege escalation to Tor Connection sandbox | High | Fixed | 5.12 |
TLS-014 | #19595 | Local privilege escalation to Tor Browser sandbox | Moderate | Fixed | 5.13 |
TLS-017 | #19610 | Insecure permissions of chroot overlay | Unknown | Fixed | 5.13 |
Archivio Persistente
ID | Issue | Description | Impact | Status | Release |
---|---|---|---|---|---|
TLS-003 | #19546 | Local privilege escalation in Persistent folder activation hook | High | Fixed | 5.11 |
TLS-004 | #19547 | Symlink attack in Persistent folder deactivation hook | Low | Fixed | 5.11 |
TLS-005 | #19548 | Local privilege escalation in GnuPG feature activation hook | High | Fixed | 5.11 |
Core
ID | Issue | Description | Impact | Status | Release |
---|---|---|---|---|---|
TLS-001 | #19464 | Local privilege escalation in tails-shell-library | High | Fixed | 5.11 |
TLS-009 | #19599 | Man-in-the-middle attack on onion-grater service | Low | Fixed | 5.13 |
TLS-011 | #19576 | Limited path traversal in tails-documentation | Low | Fixed | 5.13 |
TLS-019 | #19677 | Local privilege escalation in tailslib leads to arbitrary file read | High | Fixed | 5.14 |