Mike Perry:
> CJ:
> > Hello!
> >
> > just a small update regarding orWall: it's released 1.0.0!
> > There's still *one* annoying issue regarding the tethering, but it
> > should be OK next week. Just have to take some time in order to debug
> > this for good.
>
> I also suggest soliciting input about the DNS issue we discussed where
> DNS queries are done by root on Android 4.3+ unless the
> 'ANDROID_DNS_MODE=local' environment variable is set. Perhaps someone
> will come up with a clever hack to set this env var in a persistent way
> that we haven't thought of, or find some way to write a shim on the DNS
> resolution filesystem socket to enforce what we want.
>
> You could list this on a known issues or FAQ page, or in your bugtracker
> I guess. Making root/UID 0 handle DNS is also a security risk, and I'm
> very surprised the Android team thought this was a good idea. :/

I just noticed another issue this DNS-as-root snafu causes: The "Enable
Browser" option seems to leave the UID 0 DNS redirect rule in place,
which causes DNS lookups to fail if Tor is unreachable, which in turn
makes most captive portals unusable (since Tor can't be used to do the
DNS resolution for them).

I guess for now the only option is to remove the DNS redirect rule for
the duration that the "Enable Browser" option is active? Sucky, but
better than not being able to use captive portals..

--
Mike Perry
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk