Facebook Helped Develop a Tails Exploit

https://www.schneier.com/blog/archives/2020/06/facebook_helped.html

It does not make me sad that this person was unmasked and arrested. But this case raises important security questions.

How was the public IP address revealed?
This exploit was used to reveal the public IP address of the target person. Doesn’t Tails have the firewall configured to force all traffic through Tor? Either the exploit was sophisticated enough to bypass the firewall, or the public IP address was directly assigned to the computer and the payload of the exploit just read it from the system configuration. (If a computer is behind a home router, its only IPv4 address is often a local address and the public address is assigned to the router, not to the computer. With IPv6, things are different and every device typically has a public, globally unique IPv6 address. Protecting the users against information retrieval from the system configuration is something the Tails developers may have to think about.)

Code quality of software
Web browsers are a common target for attacks so the developers of browsers probably pay more than average attention to security aspects. Tor Browser takes some extra steps to improve security even further. But browsers are not the only target than can be attacked, and it’s not surprising to me that a video player was found to be vulnerable.

System hardening?
Are there any possibilities to prevent such exploits from working, on the system level, even if a particular piece of software is vulnerable? For example, OpenBSD uses the “W^X” memory protection scheme which is effective against buffer overflow exploits. Is it feasible to implement similar protection on Linux? Doesn’t Tails use AppArmor? Is it possible to configure it to provide such protection? If the IP address was retrieved from the system configuration, is it possible to prevent normal applications from accessing such information?