Tails Linux introduces reforms in security audit postmortem to make you safer

Paul Hill, Neowin (@ziks_99) · May 17, 2025 10:16 EDT

Alongside the release of Tails 6.11 earlier this year, the Tails Project revealed that Radically Open Security was auditing the Tails operating system to better protect users. The audit has now concluded, and no remote code execution vulnerabilities were found.
The only issues found required an attacker to have already compromised the low-privileged amnesia user, which is the default account in Tails. Luckily for users, the Tails developers were quick on their toes: they asked for information about the vulnerabilities before the report was published and released fixes for the discovered issues, which users already have.
Here’s an overview of what was fixed:

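| ID      | Impact   | Description                                    | Issue  | Status | Release |
|---------|----------|------------------------------------------------|--------|--------|---------|
| OTF-001 | High     | Local privilege escalation in Tails Upgrader   | #20701 | Fixed  | 6.11    |
| OTF-002 | High     | Arbitrary code execution in Python scripts     | #20702 | Fixed  | 6.11    |
|         |          |                                                | #20744 | Fixed  | 6.12    |
| OTF-003 | Moderate | Argument injection in privileged GNOME scripts | #20709 | Fixed  | 6.11    |
|         |          |                                                | #20710 | Fixed  | 6.11    |
| OTF-004 | Low      | Untrusted search path in Tor Browser launcher  | #20733 | Fixed  | 6.12    |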

After fixing the bugs, the Tails team also carried out a postmortem of the audit to work out which cultural and technical factors had allowed the bugs into the operating system in the first place, and what needs to change.
The major cultural change Tails has adopted concerns how it shares vulnerabilities with the public. The project said it has so far been too secretive about vulnerabilities; going forward, it has adopted a security issue response policy based on that of the Tor Project’s Network Team.
It also found that refactoring large amounts of code can be a way in for security bugs, so from now on it will be more intentional and only undertake large refactoring when it’s worth the effort and risk.
For anyone running Tails, these are extremely positive developments. Tails is used by all sorts of people for sensitive work, so knowing that it’s being proactive on security is reassuring.
Source: Tails
