Re: [Tails-dev] vpwned

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Old-Topics: Re: [Tails-dev] vpwned
Subject: Re: [Tails-dev] vpwned
Hi,

intrigeri wrote (01 Nov 2014 23:48:03 GMT) :
> It's likely that quite some more time can be needed until we have
> a full-fledged UI that gives us all we want, and allows us to switch
> to "forbid RFC1918 by default" without breaking too many existing
> usecases. Our UX folks are already busy with the Greeter revamp (that,
> incidentally, might be part of what we need here).


> So, a first (baby) step that could allow us to start moving in the
> right direction would be to unconditionally allow access to a specific
> list of ports only.


> So, let's start listing usecases.


So, the usecases we've listed are:

  * SSH
  * downloading from / uploading to a FTP server
  * printing a document on a network printer
  * going through whatever steps a captive portal asks me to;
    this generally involves DNS and HTTP


I'm tempted to propose a branch for Tails 1.3 that blocks access to
the LAN except to these ports. However, that's blocked by the planned
changes wrt. "web browsing on the LAN":

https://labs.riseup.net/code/issues/8218
https://labs.riseup.net/code/issues/7774
https://labs.riseup.net/code/issues/7976

I've asked sajolida on #8218 to sum up the discussion that has
happened on tails-ux@ about it.

Cheers,
--
intrigeri