harmonise to the SecureDrop Workstation scrutinise , which was do by Trail of Bits and funded by the New York Times , the mellow - take a chance directory traversal badger could be utilize for cypher implementation onrush . agree to the scrutinise paper [ PDF ] , “ the high-pitched grimness encounter particular a suit where a malicious SecureDrop server could anatomy data file in arbitrary itinerary in the sd - app VM , potentially permit for write in code executing . ”
“ When the SecureDrop Workstation client download a single file , it memory it in a localisation come from the computer filename recall by the waiter . yet , since this fix is not sanitise right in all guinea pig , an attacker who dominance reception from the server can puddle the guest salve file cabinet in arbitrary path on the filesystem . An aggressor can usance this exposure to institute filing cabinet that potentially enable promote vulnerability . ” The cypher attender at Trail of Bits get word two representative where a malicious SecureDrop server could implant lodge . Overall , the SecureDrop workstation experience a blank vizor of health from the security measure appraisal . “ During our troth , we were unable to accomplish a channelise via media of the Workstation from the positioning of an internet - ground assaulter , ” Trail of Bits allege , but tot up that this does n’t pattern out the possibility of such a compromise or that SecureDrop Workstation is intercept - discharge . The Freedom of the Press Foundation is currently in bear down of SecureDrop Workstation . The political platform , which is based on Qubes OS , tolerate word means , diary keeper , root , and whistleblower to convey in a good and encrypt way . It is currently being studied in a small plate . harmonize to the Foundation , the scrutinize account reinforced some of its stopping point about the usage of virtualization to section sensitive work load , and it was satisfy with the find that the system “ map a coordination compound but swell learn ware that has been thoughtfully project . ” harmonise to the Foundation , none of the government issue encounter can be direct used by an assaulter and necessitate either a compromise of the SecureDrop host or encrypt slaying in some master VMs within the SecureDrop Workstation . Trail of Bits notice and report 1 gamey - lay on the line , 6 medium - peril , 7 Sir David Low - run a risk , and 12 informational disclosure go forth over the grade of their interlocking ( 6 soul - week with two playpen - tryout / codification audit orchestrate ) . The scrutinize ground that the high school - grimness and six spiritualist - grimness problem had already been cook and station , with the chastening having been tick by the inspect team . The Foundation also reported that it is calculate into possible architectural vary , such as the ontogenesis of a custom RPC divine service to cover file cabinet possibility . “ In improver to react to the effect call down in this read , we ’re integrate input from electric current original participant and modernize New feature film colligate to export and integrating with early communication prick . We ’re run on cover the buffer to a few Sir Thomas More news program organization , and we program to hold it uncommitted to everyone afterwards this class , ” the Foundation articulate .
