Re: [Tails-dev] A quick look at uwt

このメッセージを削除

このメッセージに返信
著者: adrelanos
日付:  
To: intrigeri
CC: tails-dev
題目: Re: [Tails-dev] A quick look at uwt
intrigeri:
> Hi!
>
> it seems we'll need something similar to uwt to implement some of
> the Tails stream separation design [...]


Great. Please keep me posted. I am certainly interested. After all,
because you are the one who added a patch to torsocks-debian, you
could also add (tails_)uwt to torsocks-debian?

>
> Predictable filename in world-writable directory => welcome to
> symlink attacks:
>
> TORSOCKS_CONF_FILE="/tmp/$(whoami)_torsocks_temp"
>
> Also, the use of a per-user unique filename is prone to
> race-conditions.


Confirmed. Now using other folder ""$HOME"/.torsocks_temp/..."

For example ""$HOME"/.torsocks_temp/"$command""? Using the command
variable is a bit difficult, since it may contain invalid characters
such as /. Also would add unnecessary logging of commands.

Best thing could be to give each configuration file its own random
number. For now it has been added by me. It fills up the
"$HOME"/.torsocks_temp/ folder and I am not sure about the best way to
clean it up. Feedback welcome.

> If one of -i, -p and -t is not passed, uwt happily creates a
> non-functional TORSOCKS_CONF_FILE and passes it to torsocks, who
> is the one who eventually complains. This is a bit confusing.


Confirmed. Fixed. Now checking if -i, -p, -t and -c are given. If not,
show error and abort.

> Buggy handling of wrapped commands whose arguments contain spaces
> (is going through getopt necessary for the wrapped command at
> all?):
>
> $ gpg --recv-keys 2861A790 $ gpg --list-keys "Micah Anderson" pub
> 4096R/2861A790 2009-05-08 [expires: 2013-05-02] uid Micah Anderson
> <micah@???> uid                  Micah Anderson
> <micah@???> sub   4096R/D40ED62E 2009-05-08 [expires:
> 2013-05-03] sub   4096R/B61CAE53 2009-05-08 $ uwt -i 127.0.0.1 -p
> 9050 -t 5 -c 'gpg --list-keys "Micah Anderson"' gpg: error reading
> key: public key not found


Confirmed. I don't know how to fix it. Ideas?

> Confusing message (actual behavior looks good, though):
>
> echo "UWT_LOCALHOST: $UWT_LOCALHOST NOT using torsocks." echo
> "exec torsocks \"$@\""
>
> Über-bold


Confirmed. Fixed. Changed to 'echo "uwt: localhost detected. Not using
torsocks."' and open for suggestions. I change it to anything you suggest.

> (and probably fragile) parsing of wrapped command -- I find this
> to be a bit scary, as it silently assumes every occurrence of
> these strings in a wrapped command line means that the user wants
> to connect to localhost, which might not be the case:
>
> case "$*" in *127.0.0.1*) *localhost*)


Confirmed. No idea how this could be done better.

A -l for localhost option wouldn't make sense as uwt's main purpose is
to be used by wrappers. The magic "add stream isolation for non socks
aware applications with uwt hack while not breaking localhost
connections and while the user does not have to care about" does not
work so well. Open for suggestions.

> Thank you for writing uwt.


Thanks for looking! :)