
Exploit found in Tails Linux 0.16 firewall


7 replies to this topic

#1 chrisj1968

chrisj1968

    copyrighted!! ©

  • Tech Issues Solved: 3
  • Joined: 17-June 08
  • Location: United States

Posted 17 February 2013 - 18:24

source: http://cryptome.org/...ils-exploit.htm

I'm not tech inclined by most means but thought this might be of interest to you techno geeks who are "in the know". I'll quote the important section from the above link:

Tails Linux version 0.16 - Firewall Disabling Script Waits For Exploitation

A sends:

Tails Linux version 0.16 - Firewall Disabling Script Waits For Exploitation

"If you’re running Tails version 0.15 or 0.16, please locate and delete the following file each session:

/usr/local/sbin/do_not_ever_run_me

The file, if run with correct permissions, will completely disable your firewall! So much for the idea that Tails always routes everything through Tor! Where this news has been posted and comments allowed, mysterious “anonymous” users have expressed their low brow intelligence leaving comments such as, “Well you need to be root to run it so it doesn’t matter, if you have root you can do anything!”

First of all, a file called “do_not_ever_run_me” shouldn’t be on a Linux system. If it should NEVER BE RUN, and that means by anyone, root or user, local or remote, it SHOULD NOT BE INCLUDED IN THE DISTRIBUTION!

Any current or future exploit which targets this file will “drop the shields” for the Tails user.

Perhaps Tails itself in its next version, 0.17, should be nicknamed, “do_not_ever_run_me”.

Another questionable decision by the Tails developers is to place the following line within the torrc file (located at /etc/tor/torrc):

## We don’t care if applications do their own DNS lookups since our Tor
## enforcement will handle it safely.
WarnUnsafeSocks 0

Oh, really? We don’t care? Who is we? It’s not me! As the man page for Tor states, this is set to 1 by default, yet Tails sets it for 0! So if something “leaks”, you will never know it? Each session, delete this line or comment it out so the default is 1 like it should be for a Tor session.

What else can we find in this anonymously developed distribution? I’m glad I’m not driving a car with software made by this group of developers."

aka: Tails 0.16 lower shields

src: anonymous
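A read-only check for the two items the quoted post names, as an added example that is not part of the original thread or of Tails: it reports whether a torrc has an active `WarnUnsafeSocks 0` line and whether the script is present with an execute bit set. The function names and state labels are made up for this example; the default paths are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: read-only audit of the two items named in the quoted post.
# Default paths are the ones quoted there; function names are hypothetical.

# Classify how a torrc sets WarnUnsafeSocks. Prints one of:
#   disabled   - an active (uncommented) line sets it to 0
#   enabled    - the option is set, but never to 0
#   default    - option absent (the post cites the man page default of 1)
#   unreadable - file missing or not readable
warn_unsafe_socks_state() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    # Strip comments first so a commented-out line is not counted.
    # Tor option names are case-insensitive, hence tolower().
    sed 's/#.*//' "$1" | awk '
        tolower($1) == "warnunsafesocks" { seen = 1; if ($2 == "0") off = 1 }
        END { print (off ? "disabled" : (seen ? "enabled" : "default")) }'
}

# Classify the script by presence and mode bits. Prints one of:
#   absent, present-not-executable, present-executable
# "executable" means any execute bit (user, group or other) is set.
script_state() {
    [ -e "$1" ] || { echo absent; return 0; }
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        ???[xs]*|??????[xs]*|?????????[xt]*) echo present-executable ;;
        *) echo present-not-executable ;;
    esac
}

# Print a two-line report. Returns non-zero if the torrc disables the
# warning or the script is still present.
audit() {
    torrc=${1:-/etc/tor/torrc}
    script=${2:-/usr/local/sbin/do_not_ever_run_me}
    t=$(warn_unsafe_socks_state "$torrc")
    s=$(script_state "$script")
    echo "WarnUnsafeSocks in $torrc: $t"
    echo "$script: $s"
    [ "$t" != disabled ] && [ "$s" = absent ]
}

audit "$@" || echo "attention needed: see the lines above"
```
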




#2 Max Norris

Max Norris

    Neowinian Senior

  • Tech Issues Solved: 14
  • Joined: 20-February 11
  • OS: Windows, BSD Unix, Occasionally OSX or Linux
  • Phone: HTC One (Home) Lumia 1020 (Work)

Posted 17 February 2013 - 18:42

I've never heard of this distribution myself, but the comments from a former developer of the distro add some notes about this in the linked post, namely about running as root and why the WarnUnsafeSocks is set as it is.

#3 hjf288

hjf288

    Korean Crazy Man!

  • Joined: 19-April 03
  • Location: United Kingdom

Posted 17 February 2013 - 18:43

This isn't an exploit in the Linux firewall.

#4 OP chrisj1968

chrisj1968

    copyrighted!! ©

  • Tech Issues Solved: 3
  • Joined: 17-June 08
  • Location: United States

Posted 17 February 2013 - 18:55

This isn't an exploit in the Linux firewall.


OK, maybe not an exploit per se; however, I'm able to wrap my feeble mind around this and deduce that the devs sent a script to disable the firewall. Dunno... :/

#5 Steve B.

Steve B.

    Neowinian British One

  • Tech Issues Solved: 5
  • Joined: 12-January 09
  • Location: United Kingdom
  • OS: Windows 8.1
  • Phone: Apple iPhone 4S

Posted 17 February 2013 - 19:19

Updated the topic title accordingly

#6 OP chrisj1968

chrisj1968

    copyrighted!! ©

  • Tech Issues Solved: 3
  • Joined: 17-June 08
  • Location: United States

Posted 17 February 2013 - 19:22

Updated the topic title accordingly


thank you.. covers head and runs embarrassed!

#7 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 85
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 17 February 2013 - 19:44

If you're root you can disable the firewall - so why wouldn't it be scripted out if more than one command? I could see plenty of uses for such a file, troubleshooting issues for example. Pfsense has a checkbox that I can check that turns off the firewall, so is that an exploit??


#8 Growled

Growled

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 17-December 08
  • Location: USA

Posted 18 February 2013 - 00:10

I guess all three people who run Tails Linux are affected by this. (Just kidding guys)

That's a bad bug.


