Project

General

Profile

Feature #5340

Analyze Jake FOCI12 paper

Added by Tails over 4 years ago. Updated over 2 years ago.

Status:
In Progress
Priority:
High
Assignee:
-
Category:
-
Target version:
Start date:
Due date:
% Done:

10%

QA Check:
Feature Branch:
Type of work:
Research
Blueprint:
Easy:
No
Affected tool:

Description

We should analyze https://www.usenix.org/conference/foci12/vpwns-virtual-pwned-networks and decide what we should do.

Being discussed on tails-dev, starting with https://mailman.boum.org/pipermail/tails-dev/2012-August/001487.html

0001-Fix-leaks-identified-in-vpwns-paper.patch View (1.18 KB) ioerror, 07/24/2014 10:28 AM

0002-Remove-Foxyproxy-LAN-rule.patch View (1.7 KB) ioerror, 07/25/2014 12:24 PM


Related issues

Related to Tails - Feature #5293: Block dangerous LAN traffic Confirmed
Related to Tails - Feature #7976: Disable LAN access in Tor Browser Resolved 11/05/2014

History

#1 Updated by BitingBird over 3 years ago

  • Description updated (diff)
  • Target version set to Hole in the Roof
  • Easy set to No

#2 Updated by BitingBird over 3 years ago

  • Subject changed from analyze Jake FOCI12 paper to Analyze Jake FOCI12 paper

#3 Updated by Dr_Whax over 3 years ago

Added more information to #5293

#4 Updated by BitingBird over 3 years ago

  • Assignee set to Dr_Whax

DrWhax, do you think you finished analyzing the paper, or it should be read again?

#5 Updated by intrigeri about 3 years ago

I've sent my initial (rough, old, incomplete, possibly flawed) notes and security discussion to DrWhax. Hoping it helps.

#6 Updated by ioerror about 3 years ago

I've created a patch that largely resolves this issue. The patch does not fix it for users which are allowed to directly connect to the internet.

#7 Updated by ioerror about 3 years ago

I realized that while the firewall rules must be updated, the browser also needs an update - I had forgotten that the LAN Foxyproxy rule was in place by default. I've added a second patch - please merge both of these patches to fix the leaks in the browser and the firewall.

#8 Updated by Dr_Whax about 3 years ago

  • Target version changed from Hole in the Roof to Tails_1.2
  • QA Check set to Ready for QA

#9 Updated by anonym about 3 years ago

  • Related to Feature #7976: Disable LAN access in Tor Browser added

#10 Updated by intrigeri about 3 years ago

  • QA Check deleted (Ready for QA)

(Removing "Ready for QA", as this ticket is about researching how much of the problem applies to Tails, before we can discuss what we want to do, and then we'll have another ticket about implementing the chosen solution, which may be Jake's proposed one, or something else.)

#11 Updated by intrigeri about 3 years ago

DrWhax, any status update? What milestone can we postpone this to?

#12 Updated by anonym about 3 years ago

  • Target version changed from Tails_1.2 to Tails_1.2.1

#13 Updated by ioerror almost 3 years ago

Any update on this?

The patch that I provided on the mailing list should fix the leak for the general case.

#14 Updated by BitingBird almost 3 years ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

#15 Updated by BitingBird almost 3 years ago

  • Target version changed from Tails_1.2.1 to Tails_1.2.2

#16 Updated by anonym almost 3 years ago

  • Target version changed from Tails_1.2.2 to Tails_1.2.3

#17 Updated by intrigeri almost 3 years ago

intrigeri wrote:

DrWhax, any status update? What milestone can we postpone this to?

Three months later, ping?

#18 Updated by intrigeri almost 3 years ago

  • Target version changed from Tails_1.2.3 to Tails_1.3

#19 Updated by Dr_Whax over 2 years ago

  • Target version changed from Tails_1.3 to Tails_1.4

#20 Updated by Dr_Whax over 2 years ago

I will have to sum up discussions that have happened and put them on a blueprint.

#21 Updated by intrigeri over 2 years ago

  • Target version changed from Tails_1.4 to Hole in the Roof

We've been postponing this analysis for way too long. We decided it was a Hole in the Roof a year ago, then someone committed to work on it and 10 months later we're basically at the same point, as far as I can see => setting back to Hole in the Roof (and will ask someone to unassign it, since I don't manage to do it via Redmine email interface).

#22 Updated by BitingBird over 2 years ago

  • Assignee deleted (Dr_Whax)

#23 Updated by sajolida over 2 years ago

  • Description updated (diff)

Also available in: Atom PDF