Get critical parts of Tails audited
It would be nice to have to following parts or Tails audited:
- Audit whatever upgrade mechanism we replace the current Tails Upgrader with in the "Rethink upgrade/installation" effort (possible in ~2 years probably).
- Audit the current implementation of Tails Upgrader. (Low prio since it will be obsoleted by the above point. ~1 kLoC of perl (but big parts are irrelevant since it is about generating IUKs.)
- Audit Tails Security Check (config/chroot_local-includes/usr/local/bin/tails-security-check, ~200 LoC.)
- Torification escapes for the Live user and other critical users
- Arbitrary persistence by the Live user
- Permissions of the device and data of the persistent device (Audit should be less than a day)
I'm forwarding this to an interested company that might want to do it for free, as form of a donation.
If that didn't happen, we (@Doyensec) would be also happy to provide testing services at a discounted rate for OSS projects, no-profit, etc. - in case email@example.com