Re: [tor-talk] TBB as user debian-tor
On Fri, 14 Oct 2011 12:00:15 +0200
Marco Bonetti <sid77@xxxxxxxxxxxx> wrote:
> ----- Original Message -----
> > its files to debian-tor with: chown -R debian-tor tor-browser_en-US/
> maybe "chown -R debian-tor:debian-tor tor-browser_en-US/" should be a little better
Mixing permissions from "local-browser-tor" from TBB and "global-system-debian-package-tor"
seems to be an unnecessary confusion.
> > xhost + & sudo -u debian-tor /tor-browser_en-US/start-tor-browser
> as already pointed out, "xhost +" is a bit too wide open, try with "xhost local:" to accept only localhost X11 connections
>
It's still too broad a permission: any user from localhost can connect to the X server.
In the xhost command a username can be specified. IMHO it's still a dangerous way.
Debian/Linux/(other Unix-like) has two choices now:
1. Officially recommended: use TBB as is, starting from start-tor-browser.sh,
with Vidalia and "local-tor with-users-rights" -- from your own username.
2. Risky and complex if configured mistakenly: also use start-tor-browser.sh
but just to start TBB-FF (avoiding new restrictive measures), then kill -9
Vidalia and local Tor and use a firewall to send your traffic to system-tor.
The 2nd point is relevant if you use different tor profiles, transparent anonymizing
(with iptables + system tor), anonymizing routers, virtual machines, parallel running
separated X-sessions, global SELinux policies, etc.
I tried to discuss it before:
https://lists.torproject.org/pipermail/tor-talk/2011-October/021739.html
You can follow this thread and find a working solution.
Use it at your own risk!
It would be better if TBB officially provided options for using the
system Tor daemon for Linux users.
Self-made measures are the best way to "shoot yourself in the foot",
but very restrictive and rigid ways to use the current TBB
are "unix-unfriendly" overmuch.
I think some secure, officially adopted, broadly tested tradeoff between advanced
and inexperienced use of Tor on Unix-like systems is needed.
A first step may be an option (non-default) in some config to start T-Browser without
bundling it to local Tor and Vidalia.
I hope that the developers find a way to give users a choice for experimenting
even though this choice is potentially a way to "shoot yourself in the foot".
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk