Re: [Tails-dev] What do we miss to replace Vidalia

Poista viesti

Vastaa
Lähettäjä: intrigeri
Päiväys:  
Vastaanottaja: The Tails public development discussion list
Aihe: Re: [Tails-dev] What do we miss to replace Vidalia
Hi,

Alan wrote (20 Feb 2015 19:43:01 GMT) :
> intrigeri <intrigeri@???> wrote:
>> Alan wrote (15 Feb 2015 00:42:34 GMT) :
>> > intrigeri <intrigeri@???> wrote:
>> On Tails/Jessie, "Applications -> Utilities -> System Monitor ->
>> Ressources" seems to address the need you're expressing. We ship it
>> already. Please try it out before writing code that duplicates this
>> existing functionality :)
>>
> I'll try.


:)

>> I guess the only way to know is to actually run Tor Monitor behind our
>> filtering proxy, have the latter log refused commands, append to the
>> whitelist until everything works, and then report back what the
>> whitelist is. Are you interested in doing this?
>>
> Couldn't this be a 2nd step? I might be interested but I'd like to see
> this as a project mainly for fun. Currently I'm more into doing it good
> enough to replace vidalia. Does this makes sense to you?


On the one hand, one of my main motivations to remove Vidalia is
precisely to get rid of this "one X application has full control over
Tor" situation, so I'm kinda reluctant to say "yes of course, no
problem" (especially if we're going to run Tor Monitor all the time to
have it display some Tor status indicator somewhere).

On the other hand, I realize that even replacing Vidalia with
something that has enough features and is actively maintained would be
an awesome improvement, so I'll tune down my concerns and answer: yes
of course, no problem :)

Would be good if this filtering idea was written down in a ticket
somewhere, though. Need a Tor Monitor "Affected Tool" value
in Redmine?

>> Just to clarify: I count retrieving info about the Tor state (GETINFO)
>> as read-only access, even if technically this is wrong. Maybe that's
>> where the misunderstanding was. The security feature I'm asking for is
>> that Tor Monitor shouldn't be allowed to *configure* Tor, and it
>> should only be allowed to *retrieve* the info it really needs via
>> a GETINFO filter.
>>
> OK, then it has "read only" access in your sense of "read only".


Great.

>> I definitely wouldn't miss it if the platform and uptime info
>> disappeared, and we got tighter security as a result. Let's just do
>> that and get rid of the SOCKS port access requirement, then?
>>
> Done in git.


\o/

>> > I was thinking about an application that an user would only launch from
>> > the Applications menu/overview. I also thought about a button in the
>> > "Tor is ready" notification.
>>
>> I like it this way.
>>
> Good. I'm up for doing that in Tails/Jessie as soon as we get a
> consensus on the rest.


This is being thought through more in depth in another part of this
thread, so let's leave it at that in this sub-thread.

Cheers,
--
intrigeri