anonym: > Patrick Schleizer: >> Hi there, >> >> sorry for the delay, I got side tracked with other stuff. >> >> My first and summary impression is, that this is looking excellent! > > \o/ > >> ./tor-controlport-filter --listen-address 9052 >> Tor control port filter started, listening on 9052:9051 >> >> Do you see any reason in Whonix not to use the following...? >> >> match-hosts: >> - '*' > > Principle of least privilege and defense in depth, I guess. If your > threat model supports that any host with access to the gateway can use > the Tor control port, then it's fine. Otherwise, perhaps you solve it on > the firewall-level instead. But if a static address is used for the > workstation, and its the only expected client, then I think locking it > down is a good idea, especially when it is so cheap (just a static > configuration).
We don't have static addresses in Qubes-Whonix yet. Will come in Qubes 4.0. Then indeed match-hosts will be a great feature for us. >> What I found confusing is, that "SIGNAL NEWNYM" is allowed, but being >> case sensitive, i.e. "signal newnym" being blocked. > > The command ("SIGNAL") is not case sensitive (e.g. "signal NEWNYM" is > eq. to "SIGNAL NEWNYM") per the Tor control port specification, and the > filter knows this. For arguments it depends on the command, and for > simplicity the filter tries to understand as little as possible of the > underlying language, so the responsibility is on the author of the > config file. However, it's fairly easy to profile an application with > the --complain option so I'm not worried about this being an issue. Okay. >> What do you suggest Whonix should use to pass --listen-address? A system >> drop-in file overwriting ExecStart? > > Yes, an override like that seems like the way to go. Alright. :) Cheers, Patrick _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.