Re: [Tails-dev] Please review and test feature/bridge-mode

Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Please review and test feature/bridge-mode
Hi,

I've had a look at the rewritten branch, at commit 7d0ea0b.

> root    ALL = (tor-launcher)    NOPASSWD: /usr/bin/tor-launcher


What is this useful for? root can already run any command as any user
without password, no?

> amnesia ALL = (root)            NOPASSWD: /usr/local/sbin/tails-tor-launcher


It could be worth restricting the arguments that amnesia can pass to
this command. That would be none, or --force-net-config, right?

See config/chroot_local-includes/etc/sudoers.d/zzz_upgrade in the
feature/6508-incremental-upgrades-phase-four branch for an example of
such locking down I've recently done.

In /usr/local/sbin/tails-tor-launcher, I'd rather see the four
instances of:

VAR=value
export VAR

... written "export VAR=value" instead, but that's purely a matter of
personal taste, and I don't care much.

> touch /etc/authbind/byport/53
> chgrp debian-tor /etc/authbind/byport/53
> chmod g=x /etc/authbind/byport/53


Nowadays, I would instead write:

install --group=debian-tor --mode=0710 /dev/null /etc/authbind/byport/53

... but again, purely a matter of personal taste.

>                         $NICE \
>                         $AA_EXEC \
> -                       --exec $DAEMON -- $AA_EXEC_ARGS $DEFAULT_ARGS $ARGS
> +                       --exec /usr/bin/authbind -- $DAEMON $AA_EXEC_ARGS $DEFAULT_ARGS $ARGS
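
Review bot: on the `+` line, `--exec` now names /usr/bin/authbind and $DAEMON becomes an ordinary argument after `--`, so anything that identifies the service by the `--exec` path (for instance an already-running or stop check that uses the same option) will look for authbind rather than $DAEMON. It is worth confirming that the corresponding stop and status paths still find the daemon, for example through a pidfile, and adding a short comment saying why authbind is the executable here. The variable expansions also stay unquoted, as in the line being replaced.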


Any reason why /usr/bin/authbind is not grouped with the other prefix
commands ($NICE and $AA_EXEC), instead of being part of the arguments
passed to --exec?

>    Don't ever run Vidalia with -bridgeconf.


So we could update our Vidalia package:

1. to drop vidalia-bridgeconf.patch: not needed anymore
2. to hide bridge settings (either in
tails-remove-useless-controls.patch, or with a new patch, whatever
is more practical)

I guess #1 is not a blocker, but I'm unsure about #2. What happens if
a user changes bridge settings in Vidalia, after having set it in Tor
Launcher? And after *not* having set it in Tor Launcher?

(And if we address #2, implementing #1 as well does not add more than
a few minutes of work.)

That's all for now :)

Cheers!
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
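
The argument restriction suggested in the message for the amnesia rule, written out as an added example; it is not part of the original message or of the Tails branch, and it assumes that no arguments and --force-net-config are the only two invocations to allow, as the message supposes.

```sudoers
# As quoted in the message: no argument list follows the command, so sudo
# accepts ANY arguments that amnesia appends to it.
#amnesia ALL = (root) NOPASSWD: /usr/local/sbin/tails-tor-launcher

# Locked down: a command followed by "" may only be run with no arguments
# at all, and a command followed by explicit arguments must be invoked with
# exactly those arguments. Two entries cover the two permitted forms.
amnesia ALL = (root) NOPASSWD: /usr/local/sbin/tails-tor-launcher ""
amnesia ALL = (root) NOPASSWD: /usr/local/sbin/tails-tor-launcher --force-net-config
```

With these two entries, `sudo -n /usr/local/sbin/tails-tor-launcher --anything-else` is refused instead of being passed through to a script running as root; `visudo -cf <file>` checks the fragment's syntax before it is installed.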