Re: [tor-talk] SELinux issue with Tor?

2016-08-14 Thread grarpamp 
On 8/14/16, Jeremy Rand  wrote:
> my inquiry

Insufficient info to resolve.

> a link to information

https://en.wikipedia.org/wiki/Security-Enhanced_Linux
https://www.google.com/search?q=selinux+manual
http://selinuxproject.org/page/Main_Page
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] SELinux issue with Tor?

2016-08-14 Thread Jeremy Rand 
grarpamp:
> On 8/13/16, Jeremy Rand  wrote:
>> #zeronet IRC
>> I've obtained permission to post a partial chatlog.
> 
> It's a public channel, on an insecure server, plugged into clearnet.
> Do you have any idea how many users, publicly accessible archives,
> corporate bots, and NSA drones, have and even publish a copy of IRC... lots.
> Permission has no relavant context there. Users believing public IRC is
> somehow transient, private, unrecorded, etc... that's downright foolish.
> If you want secrecy / deniability, etc, try using or developing something
> else, good luck, it's no easy task.

Lots of things are trivially easy and extremely common, that I choose
not to do out of politeness (not for security reasons).  Posting
chatlogs of other people is one of them.  No implication of
secrecy/deniability was intended.

>> I'm curious if this is intended behavior by Tor.  Chatlog below:
>> ...
>>  According to SELinux tor wants to mount a filesystem on
>> /var/lib/tor, what sounds weird
> 
> Most GNU/Linux are hard to learn due to unnecessary abstraction layers,
> thus time spent learning or gutting them first instead of learning unix.
> Learn more unix and the answer to the behavior will become obvious.
> The following links may be of help...
> http://www.linuxfromscratch.org/
> http://www.freebsd.org/
> http://www.openbsd.org/
> https://www.google.com/?q=unix+introduction

I had never heard of this "Google" thing; are you telling me that all
the information of the world can be obtained by average me just by
figuring out what incantation of search terms to type in?

(Of course, perhaps a link to information that actually answers my
inquiry without me needing to guess the incantation would be even more
helpful.)

>> fiction -- I'm already aware that Tor isn't backdoored by the Pentagon
> 
> Abject backdooring is different from selective funding to areas
> that are not a threat to the funder. It's been hashed to death...
> in the public archives, no permission needed.

Who said anything about selective funding?  I simply was aware that
there are a number of people who regularly accuse Tor of being
backdoored, and I wanted to make certain that my joke wasn't miscontrued
as one of those statements, since text-based communication is frequently
miscontrued.  As a developer who has decided not to pursue certain
funding sources due to "selective funding" issues that I find ethically
concerning, I am certainly well aware of those issues.

Cheers,
-Jeremy



signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] SELinux issue with Tor?

2016-08-14 Thread grarpamp 
On 8/13/16, Jeremy Rand  wrote:
> #zeronet IRC
> I've obtained permission to post a partial chatlog.

It's a public channel, on an insecure server, plugged into clearnet.
Do you have any idea how many users, publicly accessible archives,
corporate bots, and NSA drones, have and even publish a copy of IRC... lots.
Permission has no relavant context there. Users believing public IRC is
somehow transient, private, unrecorded, etc... that's downright foolish.
If you want secrecy / deniability, etc, try using or developing something
else, good luck, it's no easy task.

> I'm curious if this is intended behavior by Tor.  Chatlog below:
> ...
>  According to SELinux tor wants to mount a filesystem on
> /var/lib/tor, what sounds weird

Most GNU/Linux are hard to learn due to unnecessary abstraction layers,
thus time spent learning or gutting them first instead of learning unix.
Learn more unix and the answer to the behavior will become obvious.
The following links may be of help...
http://www.linuxfromscratch.org/
http://www.freebsd.org/
http://www.openbsd.org/
https://www.google.com/?q=unix+introduction

> fiction -- I'm already aware that Tor isn't backdoored by the Pentagon

Abject backdooring is different from selective funding to areas
that are not a threat to the funder. It's been hashed to death...
in the public archives, no permission needed.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] SELinux issue with Tor?

2016-08-13 Thread Jeremy Rand 
Hey,

Someone reported a weird SELinux issue with Tor on the #zeronet IRC
earlier today.  I've obtained permission to post a partial chatlog, as
I'm curious if this is intended behavior by Tor.  Chatlog below:

 Someone fucked up Tor in my distro and I can't use it now,
ZeroNet still tries to use the fucked up Tor, so I can't do… anything
 nvm, there's zeronet.conf
 pskosinski, might I ask what distro has a broken Tor?
* Jeremy_Rand_2 wants to make a mental note to avoid that distro like
the plague
 Jeremy_Rand_2: Well, so far I had not much time to check if
it's not reported yet or it's not my fault… Anyway, it seem to not work
well in Fedora 24 after last update
 Anyway, it was working, I did not change anything, updated,
doesn't work, SELinux throws alerts
 pskosinski, oh, that's unfortunate, I use Qubes-Fedora
for some of my stuff.  (although I use Fedora 23)
 pskosinski, although my Tor stuff is running in Whonix
* Jeremy_Rand_2 tries to come up with a justification involving Fedora
being advertised as bleeding-edge, but fails because Tor being bricked
by SELinux should be really easy to notice in QA
 According to SELinux tor wants to mount a filesystem on
/var/lib/tor, what sounds weird
 Do I have NSA-version of tor or what
 So seems good that SELinux is preventing that, the question
why is tor trying to do that
 pskosinski, lemme get this, a security system created by
NSA is stopping a suspected NSA-backdoored version of software created
by the Pentagon from operating
 I love the world of infosec these days
 ;p
 It's better than fiction

Sincere apologies if this behavior is documented somewhere already.
(Also, my reference to onion routing being created by the Pentagon was
purely commentary on how the field of infosec is more interesting than
fiction -- I'm already aware that Tor isn't backdoored by the Pentagon,
please don't think that I was implying that.)

Anyway, if anyone might be able to comment on whether this is intended
behavior, what the purpose is, and whether anyone else has encountered
this issue in Fedora (or any other distros), that would be greatly
appreciated.

Cheers,
-Jeremy Rand



signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk