[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [torsocks/master] Fix: remove out of date and inaccurate FAQ
commit 6672e820f2f0c5569ccf1ce1ba274d37de1d39db
Author: David Goulet <dgoulet@xxxxxxxxx>
Date: Sat Aug 31 13:27:22 2013 -0400
Fix: remove out of date and inaccurate FAQ
Signed-off-by: David Goulet <dgoulet@xxxxxxxxx>
---
FAQ | 42 ------------------------------------------
1 file changed, 42 deletions(-)
diff --git a/FAQ b/FAQ
deleted file mode 100644
index 291edc2..0000000
--- a/FAQ
+++ /dev/null
@@ -1,42 +0,0 @@
-
-Q: tsocks doesn't seem to be working for SSH, why?
-
-A:
-
-tsocks can be used a number of ways, the most common being the LD_PRELOAD
-environment variable. When set (often through the 'tsocks' script) this
-requests that the system dynamic loader load tsocks into each process
-before execution of the process begins. This allows tsocks to redirect
-calls to standard networking functions to force them to be socksified.
-
-Unfortunately LD_PRELOAD simply doesn't work for setuid programs when the
-user running the program is not the same as the owner of the executable.
-This is because being able to load code into a privileged executable
-would be a major security flaw. To fix this problem you may wish to
-removed the setuid bit from SSH (this will force it not to use privileged
-TCP ports, disable some forms of RSA authentication to older servers and
-may have other effects). Alternatively you might wish to force tsocks to
-be loaded into all processes using the /etc/ld.so.preload file, for more
-information please see the tsocks man page.
-
-
-Q: tsocks doesn't seem to be working for ftp, why?
-
-A:
-
-tsocks can only socksify outgoing connection requests from applications,
-in ftp there are normally two channels, one is made from the client to
-the server (called the control channel) and another from the server back
-to the client (called the data channel). If a SOCKS server is between the
-client and the server the server will incorrectly try to connect back to
-the SOCKS server rather than the client. Thus the data channel connection
-will be fail (not that it would likely succeed even if it did try to
-connect back to the correct client, given the SOCKS server is probably
-firewalling the network off).
-
-The simplest solution to this problem is to use passive mode ftp, in this
-form of ftp all connections are made from the client to server, even the
-data channel. Most ftp clients and servers support passive mode, check
-your documentation (as a tip the Linux command line ftp client uses
-passive mode when invoced with the -p option)
-
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits