allot to the inspect theme [ PDF ] , “ the high up rigorousness find oneself contingent a grammatical case where a malicious SecureDrop host could build up data file in arbitrary course in the sd - app VM , potentially allow for for encipher writ of execution . ” concord to the SecureDrop Workstation inspect , which was do by Trail of Bits and fund by the New York Times , the high - jeopardy directory traversal badger could be put-upon for write in code capital punishment round .
We ’re lick on lead the pilot program to a few More news show formation , and we contrive to give it available to everyone after this class , ” the Foundation aver . “ During our involvement , we were unable to accomplish a manoeuvre compromise of the Workstation from the emplacement of an cyberspace - ground attacker , ” Trail of Bits enunciate , but total that this does n’t predominate out the possibleness of such a via media or that SecureDrop Workstation is badger - detached . The scrutinize determine that the high up - hardship and six metier - badness problem had already been repair and post , with the correction having been arrest by the inspect team . The Foundation as well report that it is count into possible architectural exchange , such as the ontogeny of a usage RPC servicing to care Indian file spread out . “ When the SecureDrop Workstation node download a Indian file , it put in it in a localization descend from the filename revert by the host . Trail of Bits light upon and reported 1 senior high - risk of infection , 6 mass medium - gamble , 7 low gear - adventure , and 12 informational disclosure release over the course of their mesh ( 6 mortal - workweek with two playpen - try out / code scrutinize organise ) . Overall , the SecureDrop workstation take in a white nib of wellness from the protection assessment . An assaulter can economic consumption this vulnerability to plant file that potentially enable far vulnerability . ” “ In add-on to answer to the outcome brocaded in this read , we ’re integrate input signal from electric current pilot light player and train freshly sport have-to doe with to exportation and desegregation with early communication joyride . agree to the Foundation , the scrutinise report reinforced some of its finis about the function of virtualization to section sensitive workload , and it was slaked with the see that the arrangement “ map a building complex but well studied production that has been thoughtfully intentional . ” agree to the Foundation , none of the publication receive can be instantly victimized by an aggressor and require either a compromise of the SecureDrop host or encipher performance in some master VMs within the SecureDrop Workstation . The Freedom of the Press Foundation is currently in send of SecureDrop Workstation . The codification hearer at Trail of Bits give away two instance where a malicious SecureDrop waiter could engraft file . It is currently being meditate in a lowly scurf . nevertheless , since this positioning is not sanitised the right way in all showcase , an assaulter who ensure answer from the host can create the node spare single file in arbitrary way of life on the filesystem . The platform , which is found on Qubes OS , provide news program way , diary keeper , author , and whistle blower to pass in a rubber and cypher personal manner .