
Re: [tor-talk] orWall 1.0.0 released!




On 16/10/14 11:48, Mike Perry wrote:
> Mike Perry:
>> CJ:
>>> Hello!
>>>
>>> just a small update regarding orWall: it's released 1.0.0!
>>> There's still *one* annoying issue regarding the tethering, but it
>>> should be OK next week. Just have to take some time in order to debug
>>> this for good.
>>
>> I also suggest soliciting input about the DNS issue we discussed where
>> DNS queries are done by root on Android 4.3+ unless the
>> 'ANDROID_DNS_MODE=local' environment variable is set. Perhaps someone
>> will come up with a clever hack to set this env var in a persistent way
>> that we haven't thought of, or find some way to write a shim on the DNS
>> resolution filesystem socket to enforce what we want.
>>
>> You could list this on a known issues or FAQ page, or in your bugtracker
>> I guess. Making root/UID 0 handle DNS is also a security risk, and I'm
>> very surprised the Android team thought this was a good idea. :/
> 
> I just noticed another issue this DNS-as-root snafu causes: The "Enable
> Browser" option seems to leave the UID 0 DNS redirect rule in place,
> which causes DNS lookups to fail if Tor is unreachable, which in turn
> makes most captive portals unusable (since Tor can't be used to do the
> DNS resolution for them).

Oh gosh… good catch! I'll update that either today or this weekend.

> 
> I guess for now the only option is to remove the DNS redirect rule for
> the duration that the "Enable Browser" option is active? Sucky, but
> better than not being able to use captive portals..

No better way to make it work :(. Though captive portals are sucky
themselves, but this is another debate ;).


Cheers,

C.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk