On 7/27/14, Kill Your TV <killyourtv@???> wrote:
> On Fri, 25 Jul 2014 11:08:19 +0000 (UTC)
> intrigeri <intrigeri@???> wrote:
>
>> Note: what follows is *not* about finding a solution to the last
>> de-anonymization vulnerability found in I2P 0.9.13. I trust the I2P
>> team will do a proper job at it.
>
> A new release is out that resolves this recent XSS and a few other
> issues, but it has had very, very little testing. Perhaps there are
> other problems lurking which haven't been reported yet; people are
> certainly giving I2P more attention *now*.
Is it possible to disable the I2P console entirely until it has been audited?
> (Exodus reported *multiple*
> 0days incl RCE affecting Tails. See also
> http://www.twitlonger.com/show/n_1s2jibg. Are these others in I2P? Tor?
> Something else? Will these other 0 days be disclosed or are they
> to be sold?)
>
I have a similar concern. I think that this suggests that we need to
get our act together and audit audit audit. We should also work to
mitigate these kinds of bugs - assuming that we've missed something as
we have probably missed something. :(
> WRT to the last I2P release: I do know that the filtering is a little
> too strict and broke retrieving torrent metainfo, so I think that there
> will be a point release relatively soon (Perhaps the I2P-users on Tails
> don't bother with this feature?).
Will the Debian packages be updated sometime soon?
>
> I still haven't had a chance to play 'catch-up' with the posts,
> Redmine, and/or IRC to give the level of detail that they deserve,
> but a few quick things:
>
> apparmor: This was in my plans prior to this bug but of course its
> priority has been raised.
Wouldn't any policy that blocks the latest RCE also block the way that
I2P actually functions?
>
> 'router console access': How many on Tails on I2P just visit I2P
> internal sites? How many look at or change settings here? Should this be
> disabled by default?
Yes, please disable it, if that is possible. Or perhaps make a web
view or something similar with it?
>
> greeter or boot option: Seems like a reasonable compromise. I suppose
> could also allow the "I2P-specific" rules to be set if-and-only-if this
> option is specified.
I think it would be good to privilege separate administration of I2P
(eg: console) from usage of I2P (eg: touching the network).
>
> More will be forthcoming.
Sounds good. I look forward to hearing more and I'm happy to help.
What do you think about routing all I2P traffic over Tor? That seems
like something that may happen as a stop gap. Thoughts on that are
really needed.
All the best,
Jacob