[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] restricting output to the tor process, when using Tor browser
- To: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Subject: [tor-talk] restricting output to the tor process, when using Tor browser
- From: Mirimir <mirimir@xxxxxxxxxx>
- Date: Mon, 27 Jan 2020 22:27:07 -0700
- Autocrypt: addr=mirimir@xxxxxxxxxx; prefer-encrypt=mutual; keydata= xsBNBFEN49cBCADWl1VZKYO8L+f/65G2nBWzh41VTAZDcJSxMWXrBSvpJzzLt6sJf0L0Rjmy W4VPxJMCm/32auRAp8Xx1iNmBpvYENSM1YJVWfk43tlSOY8CR3TVODMxWPhUu48Pb9OKSntz WHGwdZmOr14zF9vr4PaS9A6+Hyt9FPKuGcQFw7K8jK1Hpp5XgdY/DMHKeaJykJ8JH1HBTFTT OJdxIWu6cZ+spNaNfKdnNjk98hMPw69isVGzcm7b3lJUsjVnMSqnrtZ8CSIv1njyxJH7NB5n LzrE7EiXR37k+4Poc9/DeLSAKrq5N3ZMpX1EDOoXFa8lLVGWHBTwVN/tl7FLM0NmVuL5ABEB AAHNHG1pcmltaXIgPG1pcmltaXJAcmlzZXVwLm5ldD7CwIEEEwECACsCGyMGCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAhkBBQJafNQ7BQkNMVdkAAoJEGINZVEXwuQ+5LoIAKyZQDkNqj+Y E26o1bdEQlmOLhhXev45euNCnaFrnbOyKLivHdF4vvXyWBTzJmCsoRxTJ0A3Zmwa3ZihbKaU FCAdRgspLfA+TGICVYOztB+faWV18k5OTCk7ZiBQ/mOMQA4p3RPOV+UCgdelvZRHrFdUgHro dho/FqZhRoPdsPPB08QBisDO7SfFMMe9U9EZ03n4f2TvMgaTjK/kZCopwgLj2nB11SnCYfWJ jxUFDs+VFObf/jSK8T0SX9O6p430NWZm30vutUVac9lfodMjBcJqTnFxmZrwQomlCYGvSqNw 4Xy5+/gBzv/flXHngQSU053smHRtrMlGK5OU1RSixDfOwE0EUQ3j1wEIAMDcexhcaIO5jpl+ SHM14zuBvF2QG61IpH4Lag6nQmSMTljizuJg2kLaLbfc69AxmjuL5obqYi5ywXn4kQKqiwfa OHvVlKn662/J5YgXuc8tRLyqvgb+hibtAnlhWAuusP0eoQQP6SAASRjtrb8RVapTzJXy2Snf PtkcdtkTLLLcyeGoDOkpPkspnnp8avvI9ayzhGFLg9qNWaIuBMudxT6oHK4rZH+Sv6km9viI /ziV6E8Z+PpvMsGdebeYBLQA7ueuTbyOGbDyProwvocrKynI/UM40VYS8bS1PjWtljUlj7Vx 8C/746hnfdge0m24jnaWfu5UDjwpsHzs/JXqklsAEQEAAcLAZQQYAQIADwIbDAUCWnzURgUJ DTFXbwAKCRBiDWVRF8LkPsCjCACNvnnmpcDwEbtXUFZD/+ewNlPfM9o0mIXgi7DIVR9MVCw/ u14+mJUlQny4jPRV+hv/erjbiqEcVPZ296J3I4kUvO4slI+ZyODsRQSzwMz6ihwC6nN1xove YSBzVKKQrV+FDHVk6dJVLtgPdewOR9ZAar7mEbCLTJZ/e5aVb+NrlC1jWx3V3mMGCKOsEHhu 97cu3AswlxhzqPjczTo3rjtcfxdjeGU6mIEEAlhUlVDdfbGLODIyCXrP39zYxYXFFpVcbGAu +cndl1AQkIXUiMoJuzTMU8TQ+zz8yLof9fB7Y8O8VbmZBPQqN2IiHPeGbfqZjk/uHjJQUayI +beL0kxL
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Tue, 28 Jan 2020 00:27:26 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1580189231; bh=UOVoUyORerKsvG2Jrc0epD8Yrz3GAogZGT+DLJ3vSfI=; h=To:From:Subject:Date:From; b=R86tpRORhCBgAIEjWedJX2jmAcO1k3gzBBvWLk+/TsSaSlTE3R9515YJAxQsaPA7A DcctBmDYwLIOtl+yEuNfej2qikAcmqGiwYmg2z0q7UlYcYqgOck4jtYh6CpRxgPME+ nnscYuqISSk7YA/KGLUaVRRzBiPaVd86HBm8lCP4=
- List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
- List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
- List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
- List-post: <mailto:tor-talk@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
- Openpgp: preference=signencrypt
- Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
OK, so I don't use standalone Tor browser, just in Whonix.
And when I use Tor in Debian, I use iptables rules like:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
-A OUTPUT -j DROP
COMMIT
But, in a Debian VM running Tor browser, I found that the tor process is
running as the login user. And so iptables is totally useless.
However, it's apparently easy to start Tor browser as its own user,
using Micah Lee's torbrowser-launcher.[0] Is that a prudent solution?
0)
https://medium.com/@jamesmacwhite/running-the-tor-browser-on-kali-linux-the-proper-way-d33a38b54e96
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk