[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [tor-dev] Linux kernel transproxy packet leak (w/ repro case + workaround)



Abel Luck:
> On Saturday 29 March 2014 03:10:47 grarpamp wrote:
> > On Fri, Mar 28, 2014 at 5:20 PM, intrigeri <intrigeri@xxxxxxxx> wrote:
> > > grarpamp wrote (28 Mar 2014 21:02:35 GMT) :
> > >> [...] what happens with entire vm IP transproxy (perhaps like
> > >> Tails)?
> > > 
> > > Tails only uses a transproxy for the automapped .onion addresses:
> > > https://tails.boum.org/contribute/design/Tor_enforcement/
> > 
> > My mistake. I think I meant to say whonix [1], just haven't followed
> > the developments of those two projects in quite some time.
> > [1] Or any model that sandboxes apps/OS/vm behind a firewall that
> > redirects all tcp and dns traffic into tor Trans* options and drops
> > the rest.
> 
> As the maintainer of the qubes-tor (TorVM) plugin for Qubes, I'm definitely 
> interested in this answer as I imagine Patrick @ whonix is too.
> 
> I'll see if I can reproduce this bug with the Qubes context [0]
> 
> ~abel
> 
> [0]: https://github.com/abeluck/qubes-tor/blob/master/start_tor_proxy.sh

Yup, qubes-tor (TorVM) does leak these packets. If explicit egress was
configured, it wouldn't have, but it isn't. Fix is incoming!

~abel

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk