Commit c8a1249b authored by Tails developers

Merge branch 'bugfix/safer-persistence' into devel

parents dc44ec7a 025f8631
[[!meta title="Recovering from insecure persistence settings"]]
The persistent volume or a persistence configuration file has insecure
access rights.
<div class="caution">
This means that an attacker who could run an exploit from inside your
<p><strong>Your persistent volume or its settings have insecure user
rights.</strong></p>
<p>This means that an attacker who could run an exploit from inside your
Tails session could corrupt the persistent volume settings. By doing
this, an attacker could possibly gain persistent administrator rights
or install malicious software.
or install malicious software.</p>
</div>
Under normal conditions, this should not happen. This might be
a problem in Tails, so please [[report an
error|doc/first_steps/bug_reporting]].
To enable again your persistent volume, follow the instructions to
To recover the data from your persistent volume, follow the instructions to
[[manually copy your persistent data to a new
device|copy_to_a_new_device]].
device|copy]].
For more technical details about the security of the persistent volume,
read our [[design document|contribute/design/persistence#security]].
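Review bot: The bold heading in the caution box says the volume or its settings have "insecure user rights", while the sentence at the top of this hunk says "insecure access rights". "User rights" can be read as account privileges rather than ownership and permissions on the volume and its configuration files. Suggest using "access rights" in both places so the warning names the actual problem.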
......@@ -17,21 +17,26 @@ Automatic upgrade
=================
We designed a migration mechanism that allows, in most cases, to upgrade
automatically to those more secure persistent volume settings. To do
this upgrade, start Tails 0.21, and enable persistence without
the read-only option. If the upgrade is successful, Tails starts as
usual and no notification appears. This upgrade is done once and for
all. Activating the read-only option prevents Tails from starting
correctly until the upgrade is made.
automatically to those more secure persistent volume settings. To do this
upgrade, once and for all:
1. **Start Tails 0.21**.
2. **Enable persistence** without the read-only option. Activating the read-only
option prevents Tails from starting correctly until the upgrade is made.
3. If the upgrade is successful, Tails starts as usual and no notification
appears.
But this automatic upgrade might not be sufficient in some cases.
1. **If you have skipped the Tails 0.21 upgrade and have upgraded
to a newer version**, then try the automatic upgrade process
documented above, or follow the instructions to [[manually copy
your persistent data to a new device|copy_to_a_new_device]].
a. **If you skipped the upgrade to Tails 0.21 and upgraded directly
to Tails 0.22 or later**, then install [Tails
0.21](http://dl.amnesia.boum.org/tails/obsolete/) to run the automatic upgrade
as described above, or follow the instructions to [[manually copy
your persistent data to a new device|copy]].
For security reasons the automatic upgrade is not available in Tails 0.22 or
later.
1. **If you have custom persistence settings or use
b. **If you have custom persistence settings or use
[[additional software packages|configure#additional_software]]**, the
corresponding settings are not upgraded automatically.
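Review bot: Item a. links to `http://dl.amnesia.boum.org/tails/obsolete/` over plain HTTP and tells users to install Tails 0.21 from it without any mention of verifying the download, on a page that is about recovering from possible tampering. Suggest adding a sentence next to the link telling users to verify the image before installing it, and saying that 0.21 should be run only to perform the upgrade. Separately, the item markers change from `1.` to `a.`; confirm that the wiki's Markdown renderer still produces a list for alphabetic markers, otherwise items a. to c. will render as plain paragraphs.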
......@@ -45,14 +50,14 @@ But this automatic upgrade might not be sufficient in some cases.
If you have custom persistence settings or use additional software
but no notification appear on the desktop, then your Tails system
might be corrupted. In that case, follow the instructions to [[manually copy
your persistent data to a new device|copy_to_a_new_device]].
your persistent data to a new device|copy]].
</div>
1. **If you have good reasons to think that your persistence settings
c. **If you have good reasons to think that your persistence settings
are corrupted** or if you want to be extra careful, then follow the
instructions to [[manually copy your persistent data to a new
device|copy_to_a_new_device]].
device|copy]].
<div id="custom_settings">
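Review bot: The context sentence in this hunk reads "but no notification appear on the desktop", which has a subject-verb disagreement. Since the paragraph is already being edited for the link target, change it to "no notification appears".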
......@@ -127,7 +132,7 @@ introduced by an attacker. In this case, do the following:
later if needed.
1. Follow the instructions to [[manually copy your persistent data to a
new device|copy_to_a_new_device]].
new device|copy]].
**If you do not detect any suspicious line**, close
<span class="application">gedit</span> and delete the
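Review bot: The link target changes from `copy_to_a_new_device` to `copy` here and in every other hunk, but the rename of the target page itself is not visible in this diff. Confirm that the page exists under the new name in the merged branch and that no other page still links to `copy_to_a_new_device`, since a broken link at this step would leave users without the recovery instructions.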
......@@ -174,7 +179,7 @@ following:
later if needed.
1. Follow the instructions to [[manually copy your persistent data to a
new device|copy_to_a_new_device]].
new device|copy]].
**If you do not detect any suspicious line**, close
<span class="application">gedit</span> and delete the
......