-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/11/2013 03:20 PM, Moon Jones wrote:
> one large encrypted space. So the packs added are put inside the > encrypted drive. I'd say the libs and executables are fine out in > clear, For folks that have not yet gone poking around inside a copy of TAILS installed on a USB key, Moon refers to the contents of the file filesystem.squashfs, which contains the guts of TAILS (the Debian install and basic configuration files). You can list the contents of it with the following command: [drwho@windbringer live]$ unsquashfs -ls filesystem.squashfs | less It is worth noting that, if an unprivileged user can list the contents of the file, an unprivileged user (an attacker) can potentially unpack the contents of the file, tamper with them, and then repack them. I do not know if there are any measures to detect alteration of this file when TAILS boots, I haven't taken the time to go poking around inside the initrd.img or initrd2.img files (used by the kernel when TAILS boots) to see if there is anything of that sort. A cursory examination of the contents of the syslinux/ directory does not show anything of that sort. > but the configs should be on the encrypted drive. Along with > something Some of the system's configuration are. If the user runs `apt-get update` on a running copy of TAILS, the data will be stored in the encrypted partition in the apt/ directory. CLAWS configs are stored in claws-mail/. The live-persistence.conf file has me somewhat curious; it is a text file which maps directories in the running system to subdirectories of the encrypted partition. For example: /home/amnesia/Persistent source=Persistent Where "source=Persistent" seems to reference a directory called Persistent/ in the root of the encrypted partition. It seems possible that one could edit this file to add additional lines to this file which would cause some number of files in other directories to be kept here instead (/etc, perhaps). I haven't tried this, but it seems like a useful experiment to carry out. A little poking around on the TAILS website did not reveal anything specific to that file, but I didn't look terribly hard. > like tripwire data, or at least some fingerprints and a file list > to confirm the libs haven't turn against you overnight. AIDE would be ideal for this, one would think. It is much more lightweight than Tripwire, and could be set to run at boot or login time. > Yes. I did the same upgrade and it worked in an instant. I was so > happy everything was ok. If I recall well, only three upgrades can > be done, than I'll have to migrate the data by hand. Anyway, going > from 0.19 to Was this experience, or is it documented anywhere? > Only that on an older than Tails 0.17 I fired up Synaptic and did > some «cleanup», removing everything I did not want. Than I put some > software I needed. And in the end I have broken the whole distro. I > did nothing exotic. I have not add foreign repositories. And it did > not work. So I'm trying to avoid customising Tails for every day > use. TAILS does seem to be somewhat problematic in this respect. For example, I tried to install a couple of Firefox plugins that I find very useful (Scrapbook and Calomel-SSL, if anyone is interested) and they didn't persist across reboots. A little irritating, but perhaps it's for the best. > I was thinking for my everyday system portable from one computer > to another without touching the installed hard drive. The config > is different. And I'm afraid to break stuff. This makes me wonder just how much abuse TAILS can really take before it breaks down... - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "No other race in the universe goes camping. Celebrate your uniqueness." --Jack Harkness -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlIx5+sACgkQO9j/K4B7F8FfGgCdENnIdiRkXuDLFHvjP/kDLdRs bp4An3A+keDdMDUyiK6VALoG8EYomJtM =byVf -----END PGP SIGNATURE----- -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
