Tails Linux farewells 32-bit processors with imminent version 3.0
Security-centric distro also has some fixes in new version 2.10
The privacy-paranoid Linux distribution Tails has decided it's time to send 32-bit distributions the way of the 8086, from the planned June release of version 3.0.
Tails' developers offer two reasons in their announcement: make the distro safer and save precious developer resources.
The group explains that at the start of 2016, its bug report system WhisperBack gathered data that a mere four per cent of Tails users were on 32-bit systems.
That, the group says, meant that fixing compatibility bugs isn't worth the effort.
“Tails has been using a 64-bit Linux kernel for a while on machines that support it,” the post says. “But all other programs included in Tails so far were built for 32-bit processors, and compatibility issues kept arising.”
They add that 64-bit systems have better ASLR (address space layout randomisation) and compulsory NX bit support.
ASLR makes it harder for an attacker to predict how a program is going to arrange data in memory. A wrong guess and the victim machine might simply crash and end the attack, and the much larger address space in 64-bit systems means it's much harder to seek out data by guessing.
The NX bit (in Intel systems implemented as XD, eXecute Disable; in AMD, Enhanced Virus Support) marks parts of memory as non-executable, and helps protect systems against malware exploiting buffer overruns.
Tails 3.0 is currently in beta. Its most recent release included security fixes like rejecting packets on the LAN sent to NetBIOS; and making the Seahorse key management utility use the Tor OnionBalance hidden service pool. Doing so “provides transport encryption and authentication of the keyserver”.
At the end of January, the current stable version of Tails was upgraded from 2.9.1 to 2.10. As the announcement warns, it's a major fix for a bunch of security bugs in the Tor Browser; BIND 9; the Icedove e-mail client; the PCSC-lite smart card access middleware; the libgd2 and libxml2 libraries; SAMBA; and a buffer overrun in the Tor comms client. ®