
Re: [tor-talk] orWall 1.0.0 released!



CJ:
> On 04/10/14 00:27, Mike Perry wrote:
> > Also looking forward to the "Logs" window doing something :)
> 
> Same for me. This part will be complicated due to different kernel
> capabilities:
> some support LOG target, others NFLOG, and the latter doesn't provide
> any nflog reader in the ROM (heya, Cyanogenmod, you're brain-dead on this!).
> Thus it means:
> - detecting which kind of log is supported
> - create some UI in order to activate logs (already have some ideas)
> - inject some binary in the system for nflog support
> - … and many other things.

Yeah, sounds messy. Though from the droidwall days, I thought that LOG +
dmesg was the common denominator, but I've been running Cyanogenmod for
a long time...

> Maybe this can be avoided, as AFWall+ is considering providing some
> intents as API end-points. This would mean:
> - install orWall
> - install AFWall+
> and you'll get the best of both worlds, as AFWall will take care of the
> iptables and log interfaces, just executing orWall orders…

Hrmm. Let's hope that AFWall is being careful with this. 

I get nervous when I hear that root apps are going to start exposing
APIs and Intents to configure stuff at the request of other apps.

This is especially risky when we're talking about stuff like iptables
commands that are destined for shell/direct execution. There are just too
many ways to mess that up and open up potentially remotely exploitable
root holes (which even webpages can sometimes exploit in the case of
Intents).

-- 
Mike Perry
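
The concern in the message above, sketched as an added example (not code from orWall, AFWall+ or anyone in this thread): a root helper that takes rule requests from other apps can treat every field as untrusted, check it against an allowlist, and build an argument list rather than a shell string. The field names and allowed values are hypothetical, and Python stands in for the app's own language.

```python
import ipaddress
import re

# Hypothetical request schema: these keys and allowed values are assumptions
# for illustration, not the intent API of AFWall+ or orWall.
ACTIONS = {"add": "-A", "delete": "-D"}
CHAINS = {"OUTPUT"}
TARGETS = {"ACCEPT", "REJECT", "LOG"}
PROTOS = {"tcp", "udp"}
FIELDS = {"action", "chain", "uid", "proto", "dest", "dport", "target"}
DIGITS = re.compile(r"[0-9]{1,7}")  # used with fullmatch: ASCII digits only


def _pick(value, allowed, field):
    if value not in allowed:
        raise ValueError(f"{field}: value not on allowlist")
    return value


def _number(value, low, high, field):
    if not DIGITS.fullmatch(value) or not low <= int(value) <= high:
        raise ValueError(f"{field}: not a decimal number in range")
    return str(int(value))


def build_iptables_argv(extras):
    """Map untrusted string extras to an argv list, or raise ValueError."""
    if set(extras) != FIELDS or not all(isinstance(v, str) for v in extras.values()):
        raise ValueError("unexpected, missing or non-string fields")
    action = ACTIONS[_pick(extras["action"], ACTIONS, "action")]
    chain = _pick(extras["chain"], CHAINS, "chain")
    proto = _pick(extras["proto"], PROTOS, "proto")
    target = _pick(extras["target"], TARGETS, "target")
    uid = _number(extras["uid"], 0, 9999999, "uid")
    dport = _number(extras["dport"], 1, 65535, "dport")
    try:  # parse and re-serialise, so the caller's bytes never reach argv
        dest = str(ipaddress.IPv4Address(extras["dest"]))
    except ValueError:
        raise ValueError("dest: not an IPv4 address") from None
    # Returned as a list for an exec-style call (no shell parses it).
    return ["iptables", action, chain, "-p", proto, "-d", dest, "--dport", dport,
            "-m", "owner", "--uid-owner", uid, "-j", target]


if __name__ == "__main__":
    # Constructed sample request.
    sample = {"action": "add", "chain": "OUTPUT", "uid": "10123", "proto": "tcp",
              "dest": "192.0.2.10", "dport": "9040", "target": "ACCEPT"}
    print(build_iptables_argv(sample))
```

Validation alone does not decide who may send such a request; the receiving app still has to restrict which callers it accepts.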


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk