
posted by janrinok on Sunday June 17 2018, @09:54AM   Printer-friendly
from the not-quite-secure dept.

A compromised local user account can leak your IP: a script starts the Unsafe Browser hidden in the background and uses X11 trickery to read your real IP, without any privilege escalation. Most applications exploited on Tails would be capable of this.

Deleting /etc/sudoers.d/zzz_unsafe-browser after booting fixes this issue until Tails fixes it themselves.

Bug #15635

Feature #7072: Research potential for deanonymization by a compromised "amnesia" user

The Unsafe Browser allows to retrieve the public IP address by a compromised amnesia user with no user interaction
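As an added example (not code from the story, the bug report or the Tails project), here is a small shell audit a defender can run against a sudoers drop-in directory to spot rules of the kind the workaround above deletes: it flags every active NOPASSWD rule and shows the audit coming back clean once the drop-in is removed. The rule text, the control file and the /usr/local/sbin/unsafe-browser path are constructed assumptions, not a copy of Tails' real file.

```shell
#!/bin/sh
# Added example, not code from the story or from Tails. Audits a sudoers
# drop-in directory for rules that grant a command as root with no password.
# On a Tails system the directory would be /etc/sudoers.d (root needed to read).

# Print "drop-in: rule" for every active NOPASSWD rule under DIR.
# Comment lines are ignored. Returns 0 if at least one rule was found, else 1.
audit_sudoers_dir() {
    dir=$1
    total=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # drop comment lines, then count rules carrying the NOPASSWD tag
        hits=$(grep -v '^[[:space:]]*#' "$f" | grep -c 'NOPASSWD' || true)
        [ "$hits" -gt 0 ] || continue
        grep -v '^[[:space:]]*#' "$f" | grep 'NOPASSWD' | sed "s|^|$(basename "$f"): |"
        total=$((total + hits))
    done
    [ "$total" -gt 0 ]
}

# Build a constructed look-alike of /etc/sudoers.d in a temp dir and print its
# path. The rule text is an assumption modelled on the story, not Tails' file.
make_sample_sudoers_dir() {
    d=$(mktemp -d)
    cat > "$d/zzz_unsafe-browser" <<'EOF'
# constructed: lets amnesia start the Unsafe Browser as root with no password,
# so anything already running as amnesia can do the same silently
amnesia ALL = (root) NOPASSWD: /usr/local/sbin/unsafe-browser
EOF
    cat > "$d/zzz_still-asks" <<'EOF'
# constructed control case: a rule that still prompts for a password is not flagged
amnesia ALL = (root) /usr/sbin/example-admin-tool
EOF
    printf '%s\n' "$d"
}

# Demo: audit, apply the story's workaround (delete the drop-in), audit again.
sample=$(make_sample_sudoers_dir)
echo "before workaround:"
audit_sudoers_dir "$sample" || echo "(no NOPASSWD rules)"
rm -f "$sample/zzz_unsafe-browser"
echo "after workaround:"
audit_sudoers_dir "$sample" || echo "(no NOPASSWD rules)"
rm -rf "$sample"
```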

  • (Score: 2, Insightful) by Anonymous Coward on Sunday June 17 2018, @11:16AM (1 child)

    by Anonymous Coward on Sunday June 17 2018, @11:16AM (#694208)

    The 3rd line of the proof of concept (linked in summary) looks wrong to me. I checked the man page but I still don't get it. Can a bash guru chime in and explain what's going on?

    Here's the line in question:

    mv /run/user/1000/bus{,.bak}

    (Isn't the destination missing?)

    • (Score: 5, Informative) by Anonymous Coward on Sunday June 17 2018, @11:43AM

      by Anonymous Coward on Sunday June 17 2018, @11:43AM (#694209)

      {,.bak} invokes shell expansion, the whitespace-separated word-part it is connected to is repeated and attached to each comma-separated token inside the curly brackets, so

      mv /run/user/1000/bus{,.bak}

      expands to:

      mv /run/user/1000/bus /run/user/1000/bus.bak

      The first token is empty in the above example, empty tokens are valid. Another more complex example, "{a,b,c}{d,e}" expands to "ad ae bd be cd ce".

  • (Score: 0, Troll) by MichaelDavidCrawford on Sunday June 17 2018, @12:26PM (2 children)

    $ sudo apt-get remove unsafe-browser

    Extra Credit: Sometimes that removes all its dependencies too.

    It happens that even CentOS' default install is chock full O' GUI attack surfaces. I at first looked to see what daemons were enabled, disabled then "# apt-get remove"-ed them, as well as some of their dependencies.

    Then I removed xlib. The poorly-implemented video "games" fell like a row of dominos.

    By the time I was done there were only a few dozen top-level packages installed.

    I always intended to write a script for that, but then I always intend many things.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 1, Interesting) by Anonymous Coward on Sunday June 17 2018, @05:05PM (1 child)

      by Anonymous Coward on Sunday June 17 2018, @05:05PM (#694290)

      "apt-get" on centos?

      • (Score: 2, Touché) by Anonymous Coward on Sunday June 17 2018, @09:53PM

        by Anonymous Coward on Sunday June 17 2018, @09:53PM (#694355)

        To his credit his apt-get example on Centos was commented out behind the #.

  • (Score: 2, Informative) by Burz on Monday June 18 2018, @03:37AM

    by Burz (6156) on Monday June 18 2018, @03:37AM (#694414)

    A system that runs tor and apps (browser, etc.) in separate VMs:

    https://www.whonix.org [whonix.org]
