Re: [Tails-dev] How to replace the green onion [was: What do…

Author: Alan
Date:  
To: tails-dev
Subject: Re: [Tails-dev] How to replace the green onion [was: What do we miss to replace Vidalia]
Hi,

Some precisions on my last email below.

Alan <alan@???> wrote:
> intrigeri <intrigeri@???> wrote:
> > I can imagine that we have a totally separate backend that monitors
> > Tor's connectivity status
>
> Please note that I'm not aware of such a concept of "connectivity
> status" in Tor. If you know about it, don't hesitate to point me to
> relevant documentation.
>

There is a 'bootstrap-status' client status event (and associated
GETINFO) which gives information on the 1st bootstrap, but Tor doesn't
seem aware of lost connection (unless system clock jumps).

> An advantage of such an approach is that there is no reason why the
> DBus service would run as the same unix user as the UI. So if the UI would
> only get its information from the DBus service, then we don't need any
> access to the Tor control port for the user running the UI.
>

Here is a diagram of what I thought for more privilege separation:

         control socket
  Tor <----------------> TorMonitorD
                              ^
debian-tor user               |
.............................DBus............................
desktop user              system bus
                            /    \
                           /      \
                 gnome-shell      Tor Monitor
                 tor monitor      application
                  extension


Pros:

- only one connection to the Tor daemon
- better isolation between the controller and X

Cons:

- much more complicated design
- more work to implement
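
Added example, not part of the original message and not Tails or Tor project code: a sketch of the parsing a privileged daemon like the proposed TorMonitorD could do, so that the desktop user only ever receives a small, validated status record over DBus instead of control-port access. The function names and sample lines are constructed; it assumes Tor's `STATUS_CLIENT` `BOOTSTRAP` event and the `GETINFO status/bootstrap-phase` reply format.

```python
import re
import shlex

# Constructed sample lines in Tor control-protocol syntax (not captured output).
SAMPLE_LINES = [
    '650 STATUS_CLIENT NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir '
    'SUMMARY="Finishing handshake with directory server"',
    '650 STATUS_CLIENT WARN BOOTSTRAP PROGRESS=10 TAG=handshake_dir '
    'SUMMARY="Finishing handshake with directory server" '
    'WARNING="Connection refused" REASON=CONNECTREFUSED COUNT=3 RECOMMENDATION=warn',
    '650 STATUS_CLIENT NOTICE CIRCUIT_ESTABLISHED',
    '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"',
]

PREFIXES = ("650 STATUS_CLIENT ", "250-status/bootstrap-phase=")
TAG_RE = re.compile(r"^[a-z0-9_]{1,32}$")

def _clean(text, limit=120):
    """Keep printable characters only and bound the length before it reaches a UI."""
    return "".join(c for c in text if c.isprintable())[:limit]

def parse_bootstrap(line):
    """Reduce one control-port line to the few fields a UI needs, or None."""
    rest = next((line[len(p):] for p in PREFIXES if line.startswith(p)), None)
    if rest is None:
        return None
    try:
        tokens = shlex.split(rest)  # handles the quoted SUMMARY="..." values
    except ValueError:
        return None
    if len(tokens) < 2 or tokens[0] not in ("NOTICE", "WARN", "ERR") or tokens[1] != "BOOTSTRAP":
        return None
    fields = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
    tag = fields.get("TAG", "")
    try:
        progress = int(fields["PROGRESS"])
    except (KeyError, ValueError):
        return None
    if not 0 <= progress <= 100 or not TAG_RE.match(tag):
        return None
    return {"severity": tokens[0], "progress": progress, "tag": tag,
            "summary": _clean(fields.get("SUMMARY", "")),
            "warning": _clean(fields.get("WARNING", ""))}

def latest_state(lines):
    """State the daemon would publish on the bus: the last valid bootstrap report."""
    states = [s for s in map(parse_bootstrap, lines) if s is not None]
    return states[-1] if states else None
```

Only the returned dictionary would cross the user boundary in the diagram above; everything else Tor sends on the control socket stays with the daemon.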