Package: xul-ext-torbutton Version: 1.4.4.1-1 Tags: security I run Tor on a low SocksPort to prevent non-root accounts from impersonating the server. The latest version of Torbutton silently resets the port to 9050 on every startup. This normally prevents it from working, but also introduces a security hole because any unprivileged user could bind to that port and observe web traffic.
A workaround is to set the TOR_SOCKS_PORT environment variable to the proper number. - Michael -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.39-2-amd64 (SMP w/1 CPU core) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash xul-ext-torbutton depends on no packages. Versions of packages xul-ext-torbutton recommends: ii iceweasel 7.0.1-2 ii tor 0.2.2.34-1 Versions of packages xul-ext-torbutton suggests: ii privoxy 3.0.17-1 -- no debconf information
signature.asc
Description: Digital signature