Hi,
adrelanos wrote (21 Oct 2013 15:33:11 GMT) :
>> since we are forbidding access to the control port for the
>> amnesia user)
> What's your rationale behind that? Probably "GETINFO address"?
Exactly.
> Would that be worth adding to Tails design doc? Haven't seen it there.
It's not in the design doc you can see online since this protection is
not implemented in any stable Tails release yet, and we only document
what exists.
However, it's documented already in the design doc from the testing
branch, and will be published at the same time as Tails 0.21.
>> The fix for the "are we connected to Tor" check was a bit harder,
> You might be interested in the solution I came up with for Whonix. It's
> called Control Port Filter Proxy. [1] In essence, "wretch a proxy in
> between Tor Browser and control port, allow a few hand selected, white
> listed control port commands, discard the rest". I'd be interested in
> your thoughts about that as well.
Sure, that's the long-term plan. I was pretty sure we had a ticket
about it, but not yet apparently, so I created one:
https://labs.riseup.net/code/issues/6384
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
