Re: [Tails-dev] Reducing attack surface of kernel and tighte…

Delete this message

Reply to this message
Author: Jacob Appelbaum
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Reducing attack surface of kernel and tightening firewall/sysctls
On 12/4/14, Oliver-Tobias Ripka <otr@???> wrote:
> According to anonym on Thu, Dec 04 2014:
>
>> FWIW I experienced no issues during my tests with *only* ESTABLISHED in
>> both the INPUT and OUTPUT chains so neither NEW nor RELATED seems
>> essential for the basic usage I tested. And of course the above
>> "exploits" didn't work due to the absence of NEW.
>
> You're right it work with ESTABLISHED only. This is due to whitelisted
> rule for the debian-tor user that may send any kind of packet.


That is what I'd expect, yes. We should also tighten that user down as
well. What do you think for the first iteration?

>
> We might consider harden this rule to prevent leaks of other protocols
> by the debian-tor user; basically restrict it to only allow TCP SYN
> packets. The rest would be handled by the stateful rule.
>


Yes, I think ESTABLISHED makes sense and to have different users per
pluggable transport - for example.

All the best,
Jacob