Hi,

I've had a look at the rewritten branch, at commit 7d0ea0b.

> root ALL = (tor-launcher) NOPASSWD: /usr/bin/tor-launcher

What is this useful for? root can already run any command as any user
without password, no?

> amnesia ALL = (root) NOPASSWD: /usr/local/sbin/tails-tor-launcher

It could be worth restricting the arguments that amnesia can pass to
this command. That would be none, or --force-net-config, right?
See config/chroot_local-includes/etc/sudoers.d/zzz_upgrade in the
feature/6508-incremental-upgrades-phase-four branch for an example of
such locking down I've recently done.

In /usr/local/sbin/tails-tor-launcher, I'd rather see the four
instances of:

    VAR=value
    export VAR

... written "export VAR=value" instead, but that's purely a matter of
personal taste, and I don't care much.

> touch /etc/authbind/byport/53
> chgrp debian-tor /etc/authbind/byport/53
> chmod g=x /etc/authbind/byport/53

Nowadays, I would instead write:

    install --group=debian-tor --mode=0710 /dev/null /etc/authbind/byport/53

... but again, purely a matter of personal taste.

> $NICE \
> $AA_EXEC \
> - --exec $DAEMON -- $AA_EXEC_ARGS $DEFAULT_ARGS $ARGS
> + --exec /usr/bin/authbind -- $DAEMON $AA_EXEC_ARGS $DEFAULT_ARGS $ARGS
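
Review bot: on the `+` line, `--exec` now names /usr/bin/authbind instead of $DAEMON, so if the command consuming it is start-stop-daemon, its executable matching would look for an authbind process, while the process left running once authbind has executed its argument is $DAEMON. Consider keeping `--exec $DAEMON` and moving authbind out of the `--exec` argument, or check that start, stop and status still find the running daemon with this form.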

Any reason why /usr/bin/authbind is not grouped with the other prefix
commands ($NICE and $AA_EXEC), instead of being part of the arguments
passed to --exec?

> Don't ever run Vidalia with -bridgeconf.

So we could update our Vidalia package:

 1. to drop vidalia-bridgeconf.patch: not needed anymore
 2. to hide bridge settings (either in
    tails-remove-useless-controls.patch, or with a new patch, whatever
    is more practical)

I guess #1 is not a blocker, but I'm unsure about #2. What happens if
a user changes bridge settings in Vidalia, after having set it in Tor
Launcher? And after *not* having set it in Tor Launcher?
(And if we address #2, implementing #1 as well does not add more than
a few minutes of work.)

That's all for now :)

Cheers!
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
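
An added example, not part of the mail above or of the Tails code base: a small audit of sudoers rules for the argument restriction the mail asks about. A command listed without arguments may be run with any arguments, while `""` means none. The locked-down rule in the sample is an assumption built from the mail's question (no arguments, or --force-net-config), and the parser only handles simple user rules, not aliases.

```python
import re

# Constructed sample: the rule quoted in the mail, then an assumed locked-down
# variant allowing only the two invocations the mail mentions.
SAMPLE = r'''amnesia ALL = (root) NOPASSWD: /usr/local/sbin/tails-tor-launcher
amnesia ALL = (root) NOPASSWD: /usr/local/sbin/tails-tor-launcher "", \
    /usr/local/sbin/tails-tor-launcher --force-net-config
'''

def logical_lines(text):
    """Join backslash-continued lines; yield (first_line_number, joined_text)."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None

def audit(text):
    """Return (line, command, verdict) for each command in simple user rules."""
    findings = []
    for lineno, line in logical_lines(text):
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")) or "=" not in line:
            continue
        cmnd_list = line.split("=", 1)[1]
        # Split on commas that are not backslash-escaped (sudoers escapes "\,").
        for spec in re.split(r"(?<!\\),", cmnd_list):
            # Drop a leading runas spec "(root)" and tags such as "NOPASSWD:".
            spec = re.sub(r"^\s*(\([^)]*\)\s*)?([A-Z_]+:\s*)*", "", spec).strip()
            if not spec.startswith("/"):
                continue  # aliases, ALL, sudoedit: out of scope here
            cmd, _, args = (p.strip() for p in spec.partition(" "))
            if not args:
                verdict = "ANY arguments allowed"
            elif args == '""':
                verdict = "no arguments allowed"
            elif re.search(r"[*?\[]", args):
                verdict = "wildcard arguments: " + args
            else:
                verdict = "exact arguments: " + args
            findings.append((lineno, cmd, verdict))
    return findings

if __name__ == "__main__":
    for lineno, cmd, verdict in audit(SAMPLE):
        print(f"line {lineno}: {cmd}: {verdict}")
```

Entries reported as "ANY arguments allowed" or "wildcard arguments" are the ones to review by hand.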