Re: [tor-talk] Tor and iptables.

2016-12-12 Thread Jonathan Marquardt
On Mon, Dec 12, 2016 at 12:12:54AM -0700, Mirimir wrote:
> Oops. Sorry. I'm used to straight Tor and Whonix. So how does one lock
> down Tor using Tor browser?

Well, given the way OP phrased his question, I just assumed he wanted to 
prevent any unwanted input to his system, which is why I gave him a simple 
ruleset which allows any output.

If you want to filter output as well but allow Tor Browser to work, I see two 
ways to accomplish that:

- Go with the separate user method: Create a separate user just to run Tor 
  Browser and allow output for just this user. You could launch Tor Browser as 
  this user using gksudo or kdesudo.

- Configure a bridge for Tor Browser to use and allow output to just this 
  bridge filtering by IP address as well as port.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
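
Both approaches from the message above, as an added example (not part of the original posts): a shell function that prints a default-deny iptables-restore ruleset with loopback accepted and new outbound TCP allowed either for one uid or to one bridge address. The user name tbuser and the bridge 192.0.2.10:443 are placeholders.

```shell
#!/bin/sh
# Added example: print an IPv4 iptables-restore ruleset with default-deny
# INPUT/OUTPUT and exactly one outbound exception.
#   gen_output_rules user <numeric-uid>     (separate-user method)
#   gen_output_rules bridge <ipv4> <port>   (single-bridge method)
gen_output_rules() {
    case "$1" in
        user)
            # Reject anything but a numeric uid so the rule text stays well-formed.
            case "$2" in ''|*[!0-9]*) echo "uid must be numeric" >&2; return 1 ;; esac
            allow="-A OUTPUT -p tcp -m owner --uid-owner $2 -m conntrack --ctstate NEW -j ACCEPT"
            ;;
        bridge)
            case "$2" in ''|*[!0-9.]*) echo "bad IPv4 address" >&2; return 1 ;; esac
            case "$3" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
            allow="-A OUTPUT -p tcp -d $2 --dport $3 -m conntrack --ctstate NEW -j ACCEPT"
            ;;
        *)
            echo "usage: gen_output_rules user UID | bridge IP PORT" >&2
            return 1
            ;;
    esac
    # Loopback must be accepted under default deny: Tor Browser talks to its
    # own tor process over 127.0.0.1.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$allow
COMMIT
EOF
}

# Constructed usage (tbuser and 192.0.2.10:443 are placeholders), run as root:
#   gen_output_rules user "$(id -u tbuser)" | iptables-restore
#   gen_output_rules bridge 192.0.2.10 443 | iptables-restore
# IPv6 is not covered; ip6tables needs its own default-deny ruleset.
```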


Re: [tor-talk] Tor and iptables.

2016-12-12 Thread Mirimir
On 12/12/2016 01:14 AM, Jonathan Marquardt wrote:
> On Mon, Dec 12, 2016 at 12:12:54AM -0700, Mirimir wrote:
>> Oops. Sorry. I'm used to straight Tor and Whonix. So how does one lock
>> down Tor using Tor browser?
> 
> Well, given the way OP phrased his question, I just assumed he wanted to 
> prevent any unwanted input to his system, which is why I gave him a simple 
> ruleset which allows any output.

Right. But I'm more paranoid about restricting output, given that
phone-home malware is now a routine risk.

> If you want to filter output as well but allow Tor Browser to work, I see two 
> ways to accomplish that:
> 
> - Go with the separate user method: Create a separate user just to run Tor 
>   Browser and allow output for just this user. You could launch Tor Browser as 
>   this user using gksudo or kdesudo.

Thanks :)

> - Configure a bridge for Tor Browser to use and allow output to just this 
>   bridge filtering by IP address as well as port.

That seems more complicated.

Sorry about missing the typo in my initial reply. It _was_ an invalid
rule. But accepting lo is necessary with default deny, right?



Re: [tor-talk] Tor and iptables.

2016-12-12 Thread Jonathan Marquardt
On Mon, Dec 12, 2016 at 01:52:22AM -0700, Mirimir wrote:
> Sorry about missing the typo in my initial reply. It _was_ an invalid
> rule. But accepting lo is necessary with default deny, right?

Yes, sorry, you're right. My bad.


[tor-talk] Tor 0.2.9.7-rc is released: small changes, nearly done!

2016-12-12 Thread Nick Mathewson
Hi, all!  I just tagged and uploaded Tor 0.2.9.7-rc.  The source is
available at the usual place in the website.  Other packages should be
available soon.  This Tor release will probably go into the hardened
TB series coming out in the next couple of days. (I hear that
0.2.9.6-rc will be in the regular alphas, since those builds froze a
little before I finished this Tor release.)

We're rapidly running out of serious bugs to fix in 0.2.9.x, so this
is probably the last release candidate before stable ... unless you
find bugs while testing!  Please try these releases, and let us know
if anything breaks.  Testing either 0.2.9.6-rc or 0.2.9.7-rc would be
quite helpful.



Changes in version 0.2.9.7-rc - 2016-12-12
  Tor 0.2.9.7-rc fixes a few small bugs remaining in Tor 0.2.9.6-rc,
  including a few that had prevented tests from passing on
  some platforms.

  o Minor features (geoip):
    - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
      Country database.

  o Minor bugfix (build):
    - The current Git revision when building from a local repository is
      now detected correctly when using git worktrees. Fixes bug 20492;
      bugfix on 0.2.3.9-alpha.

  o Minor bugfixes (directory authority):
    - When computing old Tor protocol line version in protover, we were
      looking at 0.2.7.5 twice instead of a specific case for
      0.2.9.1-alpha. Fixes bug 20810; bugfix on tor-0.2.9.4-alpha.

  o Minor bugfixes (download scheduling):
    - Resolve a "bug" warning when considering a download schedule whose
      delay had approached INT_MAX. Fixes 20875; bugfix on 0.2.9.5-alpha.

  o Minor bugfixes (logging):
    - Downgrade a harmless log message about the
      pending_entry_connections list from "warn" to "info". Mitigates
      bug 19926.

  o Minor bugfixes (memory leak):
    - Fix a small memory leak when receiving AF_UNIX connections on a
      SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha.
    - When moving a signed descriptor object from a source to an
      existing destination, free the allocated memory inside that
      destination object. Fixes bug 20715; bugfix on tor-0.2.8.3-alpha.

  o Minor bugfixes (memory leak, use-after-free, linux seccomp2 sandbox):
    - Fix a memory leak and use-after-free error when removing entries
      from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on
      0.2.5.5-alpha. Patch from "cypherpunks".

  o Minor bugfixes (portability):
    - Use the correct spelling of MAC_OS_X_VERSION_10_12 on configure.ac
      Fixes bug 20935; bugfix on 0.2.9.6-rc.

  o Minor bugfixes (unit tests):
    - Stop expecting NetBSD unit tests to report success for ipfw. Part
      of a fix for bug 19960; bugfix on 0.2.9.5-alpha.
    - Fix tolerances in unit tests for monotonic time comparisons
      between nanoseconds and microseconds. Previously, we accepted a 10
      us difference only, which is not realistic on every platform's
      clock_gettime(). Fixes bug 19974; bugfix on 0.2.9.1-alpha.
    - Remove a double-free in the single onion service unit test. Stop
      ignoring a return value. Make future changes less error-prone.
      Fixes bug 20864; bugfix on 0.2.9.6-rc.


[tor-talk] confusion over verification instructions for build verification on Mac OS X

2016-12-12 Thread Tor-talk
Reading through this:
https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerification

Trying to do this on Mac OS X.

`shasum -a 256 .dmg` clearly gives me a checksum that 
doesn't match the one in the "sha256sums-unsigned-build.txt" file. Tried it 
with 6.0.6 and 6.0.7.

From what I understand, if the PGP signature is valid that confirms the package 
wasn't tampered with.

But it is confusing and disturbing to a newbie to try this and get a mismatched 
checksum. Please modify these instructions so it's clear what this process is 
and what you have to do to get it to work because it doesn't work "out of the 
box" for Mac OS X.

Thanks--


[tor-talk] Is Tor 32 bit only?

2016-12-12 Thread hikki
I was just wondering if you compile Tor on a 64 bit Linux distro, will it
make a 64 bit executable? Or is it 32 bit only? Would be nice if it had 
supported 64 bit processing.

-Hikki


Re: [tor-talk] Is Tor 32 bit only?

2016-12-12 Thread Sebastian Hahn

> On 13 Dec 2016, at 01:14, hi...@safe-mail.net wrote:
> 
> I was just wondering if you compile Tor on a 64 bit Linux distro, will it
> make a 64 bit executable? Or is it 32 bit only? Would be nice if it had 
> supported 64 bit processing.

Tor has full support for x86_64 (it's the preferred platform, even).

Cheers
Sebastian


Re: [tor-talk] tor-talk Digest, Vol 71, Issue 12

2016-12-12 Thread BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3
On Sun, 11 Dec 2016 12:00:02 +
tor-talk-requ...@lists.torproject.org wrote:

> Message: 1
> Date: Sat, 10 Dec 2016 21:15:06 +0100
> From: Jonathan Marquardt 
> To: tor-talk@lists.torproject.org
> Subject: Re: [tor-talk] Fedora repo Tor broken?
> Message-ID: <20161210201506.gb17...@parckwart.de>
> Content-Type: text/plain; charset=us-ascii
> 
> > Dec 09 11:59:12 localhost Tor[4096]: Couldn't open
> > "/var/lib/tor/lock" for locking: Permission denied
> > Dec 09 11:59:12 localhost Tor[4096]: set_options(): Bug: Acting on
> > config options left us in a broken state. Dying. (on Tor 0.2.8.9 )
> > Dec 09 11:59:12 localhost systemd[1]: tor.service: Main process
> > exited, code=exited, status=1/FAILURE
> > Dec 09 11:59:12 localhost systemd[1]: Failed to start Anonymizing
> > overlay network for TCP.  
> 
> Make sure that the user "toranon" is installed on your system and
> that the directory /var/lib/tor is recursively owned by this user.
> Write permissions are also required.
> 
> chown -R toranon:root /var/lib/tor/


Thanks! The 2nd fixed the problem for me. 

It occurs on multiple versions of Fedora and systems, so it seems like a
small bug in the Tor install they should probably fix.



Re: [tor-talk] confusion over verification instructions for build verification on Mac OS X

2016-12-12 Thread Jedd Casella
unsubscribe


-Original Message-
From: tor-talk [mailto:tor-talk-boun...@lists.torproject.org] On Behalf Of 
Tor-talk
Sent: Tuesday, 13 December 2016 2:49 AM
To: tor-talk@lists.torproject.org
Subject: [tor-talk] confusion over verification instructions for build 
verification on Mac OS X

Reading through this:
https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerification

Trying to do this on Mac OS X.

`shasum -a 256 .dmg` clearly gives me a checksum that 
doesn't match the one in the "sha256sums-unsigned-build.txt" file. Tried it 
with 6.0.6 and 6.0.7.

From what I understand, if the PGP signature is valid that confirms the package 
wasn't tampered with.

But it is confusing and disturbing to a newbie to try this and get a mismatched 
checksum. Please modify these instructions so it's clear what this process is 
and what you have to do to get it to work because it doesn't work "out of the 
box" for Mac OS X.

Thanks--


[tor-talk] How to unsubscribe (was Re: confusion over verification instructions for build verification on Mac OS X)

2016-12-12 Thread Roger Dingledine
On Tue, Dec 13, 2016 at 04:33:16AM +, Jedd Casella wrote:
> unsubscribe
>[...]
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

These instructions are at the bottom of every post to the list.

They are the right way to unsubscribe from the list.

(See close to the bottom where it says "To unsubscribe from tor-talk, ...")

--Roger
