Hi!
intrigeri:
> unset TOR_CONTROL_PORT and TOR_CONTROL_HOST (non-working
> anyway, since we are forbidding access to the control port for
> the amnesia user)
What's your rationale behind that? Probably "GETINFO address"?
Would that be worth adding to Tails design doc? Haven't seen it there.
> The fix for the "are we connected to Tor" check was a bit harder,
You might be interested in the solution I came up with for Whonix. It's
called Control Port Filter Proxy. [1] In essence, "wretch a proxy in
between Tor Browser and control port, allow a few hand selected, white
listed control port commands, discard the rest". I'd be interested in
your thoughts about that as well.
Cheers,
adrelanos
[1]
https://www.whonix.org/wiki/Dev/CPFP