Re: [Tails-dev] Tails control port filter proxy in Whonix?

Author: anonym
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Tails control port filter proxy in Whonix?
Patrick Schleizer:
> Hi there,
>
> sorry for the delay, I got sidetracked with other stuff.
>
> My first and summary impression is, that this is looking excellent!


\o/

> ./tor-controlport-filter --listen-address 9052
> Tor control port filter started, listening on 9052:9051
>
> Do you see any reason in Whonix not to use the following...?
>
>   match-hosts:
>     - '*'


Principle of least privilege and defense in depth, I guess. If your
threat model supports that any host with access to the gateway can use
the Tor control port, then it's fine. Otherwise, perhaps you solve it on
the firewall-level instead. But if a static address is used for the
workstation, and it's the only expected client, then I think locking it
down is a good idea, especially when it is so cheap (just a static
configuration).

> What I found confusing is, that "SIGNAL NEWNYM" is allowed, but being
> case sensitive, i.e. "signal newnym" being blocked.


The command ("SIGNAL") is not case sensitive (e.g. "signal NEWNYM" is
eq. to "SIGNAL NEWNYM") per the Tor control port specification, and the
filter knows this. For arguments it depends on the command, and for
simplicity the filter tries to understand as little as possible of the
underlying language, so the responsibility is on the author of the
config file. However, it's fairly easy to profile an application with
the --complain option so I'm not worried about this being an issue.

> What do you suggest Whonix should use to pass --listen-address? A system
> drop-in file overwriting ExecStart?


Yes, an override like that seems like the way to go.

Cheers!
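
A minimal model of the matching behaviour discussed in this message, as an added example that is not part of the original email and is not the tor-controlport-filter code: the client host is checked first, the command keyword is normalised, and arguments are matched exactly as the policy author wrote them. The `commands` layout, the addresses and the function names are assumptions made for illustration.

```python
import fnmatch
import re

# Constructed policies. "match-hosts" is the key quoted in the thread;
# the "commands" layout and all addresses are assumptions.
STRICT = {
    "match-hosts": ["10.0.0.2"],      # one static workstation address
    "commands": {"SIGNAL": ["NEWNYM"]},
}
LOOSE = {
    "match-hosts": ["*"],             # any host that can reach the port
    "commands": {"SIGNAL": ["(?i)NEWNYM"]},  # author opts in to any case
}


def host_allowed(policy, client_ip):
    """True when client_ip matches one of the policy's host patterns."""
    return any(fnmatch.fnmatchcase(client_ip, pattern)
               for pattern in policy["match-hosts"])


def line_allowed(policy, client_ip, line):
    """Decide whether one control-port line from client_ip is forwarded."""
    if not host_allowed(policy, client_ip):
        return False
    command, _, args = line.strip().partition(" ")
    # The command keyword is case-insensitive, so normalise it for lookup.
    patterns = policy["commands"].get(command.upper())
    if patterns is None:
        return False  # command not listed in the policy: default deny
    # Arguments are not interpreted: the pattern is applied as written,
    # so case handling is the policy author's responsibility.
    return any(re.fullmatch(pattern, args.strip()) is not None
               for pattern in patterns)


if __name__ == "__main__":
    samples = [  # constructed (client, line) pairs
        ("10.0.0.2", "SIGNAL NEWNYM"),
        ("10.0.0.2", "signal NEWNYM"),
        ("10.0.0.2", "signal newnym"),
        ("10.0.0.3", "SIGNAL NEWNYM"),
    ]
    for client, line in samples:
        print(client, repr(line),
              "strict:", line_allowed(STRICT, client, line),
              "loose:", line_allowed(LOOSE, client, line))
```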