[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] orWall 1.0.0 released!

On 16/10/14 11:48, Mike Perry wrote:
> Mike Perry:
>> CJ:
>>> Hello!
>>> just a small update regarding orWall: it's released 1.0.0!
>>> There's still *one* annoying issue regarding the tethering, but it
>>> should be OK next week. Just have to take some time in order to debug
>>> this for good.
>> I also suggest soliciting input about the DNS issue we discussed where
>> DNS queries are done by root on Android 4.3+ unless the
>> 'ANDROID_DNS_MODE=local' environment variable is set. Perhaps someone
>> will come up with a clever hack to set this env var in a persistent way
>> that we haven't thought of, or find some way to write a shim on the DNS
>> resolution filesystem socket to enforce what we want.
>> You could list this on a known issues or FAQ page, or in your bugtracker
>> I guess. Making root/UID 0 handle DNS is also a security risk, and I'm
>> very surprised the Android team thought this was a good idea. :/
> I just noticed another issue this DNS-as-root snafu causes: The "Enable
> Browser" option seems to leave the UID 0 DNS redirect rule in place,
> which causes DNS lookups to fail if Tor is unreachable, which in turn
> makes most captive portals unusable (since Tor can't be used to do the
> DNS resolution for them).

oh gosh… good catch! I'll update that either today or this weekend.

> I guess for now the only option is to remove the DNS redirect rule for
> the duration that the "Enable Browser" option is active? Sucky, but
> better than not being able to use captive portals..

No better way to make it work :(. Though captive portal are sucky
themselves, but this is another debate ;).


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to