On Fri, 14 Oct 2011 12:00:15 +0200 Marco Bonetti <si...@slackware.it> wrote:
> ----- Original Message -----
> > its files to debian-tor with: chown -R debian-tor tor-browser_en-US/
> maybe "chown -R debian-tor:debian-tor tor-browser_en-US/" should be a little
> better

Mixing permissions from "local-browser-tor" from TBB and "global-system-debian-package-tor" seems to be an unnecessary confusion.

> > xhost + & sudo -u debian-tor /tor-browser_en-US/start-tor-browser
> as already pointed out, "xhost +" is a bit too wide open, try with "xhost
> local:" to accept only localhost X11 connections
>

It's still too broad a permission: any user from localhost can connect to the X server. In the xhost command a username can be specified. IMHO it's still a dangerous way.

Debian/Linux/(other Unix-like) has two choices now:

1. Officially recommended: use TBB as is, starting from start-tor-browser.sh, with Vidalia and "local-tor with-users-rights" -- from your own username.

2. Risky and complex if configured mistakenly: also use start-tor-browser.sh but just to start TBB-FF (avoiding new restrictive measures), then kill -9 Vidalia and local Tor and use a firewall to send your traffic to system-tor.

The 2nd point is actual if you use different tor profiles, transparently anonymizing (with iptables + system tor), anonymizing routers, virtual machines, parallel running separated X-sessions, global SELinux policies, etc.

I tried to discuss it before:
https://lists.torproject.org/pipermail/tor-talk/2011-October/021739.html

You can follow this thread and find a working solution. Use it at your own risk!

It will be better if TBB provides official options for using the system Tor daemon for Linux users. Self-made measures are the best way to "shoot yourself in the foot", but the very restrictive and rigid ways to use the current TBB are "unix-unfriendly" overmuch.

I think some secure, officially adopted, broadly tested tradeoff between advanced and inexperienced use of Tor in Unix-like systems is needed.
A first step may be a (non-default) option in some config to start T-Browser without bundling it to local Tor and Vidalia. I hope that developers find a way to give users a choice for experimenting even though this choice is potentially a way to "shoot yourself in the foot".
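
The three X11 access settings compared in this message ("xhost +", "xhost local:" and a per-user entry), as an added example that is not part of the original post: the function below classifies the lines that `xhost` prints so the breadth of each grant is visible. The sample outputs are constructed, and `debian-tor` is the user name taken from the thread.

```shell
# Classify `xhost` output (read on stdin) by how widely it opens the X server.
# Prints "LEVEL<TAB>entry" per finding; returns 1 if anything is broader than
# a single named local user, 0 otherwise.
audit_xhost() {
    _rc=0
    while IFS= read -r _line; do
        case "$_line" in
            "access control disabled"*)
                # state after "xhost +": the access list is not enforced at all
                printf 'OPEN\t%s\n' "$_line"; _rc=1 ;;
            "access control enabled"*|"")
                ;;  # header or blank line: the entries that follow are enforced
            LOCAL:*)
                # state after "xhost local:": every local user may connect
                printf 'BROAD\t%s\n' "$_line"; _rc=1 ;;
            SI:localuser:*)
                # state after "xhost +si:localuser:NAME": one named local user
                printf 'USER\t%s\n' "$_line" ;;
            *)
                # host entries (INET:, INET6:, ...) or other types: wider than one user
                printf 'BROAD\t%s\n' "$_line"; _rc=1 ;;
        esac
    done
    return "$_rc"
}

# Constructed sample outputs, one per setting discussed in the thread.
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_LOCAL='access control enabled, only authorized clients can connect
LOCAL:'
SAMPLE_USER='access control enabled, only authorized clients can connect
SI:localuser:debian-tor'

# Demo run over the constructed samples (|| true: a finding is not a script error).
for _s in "$SAMPLE_OPEN" "$SAMPLE_LOCAL" "$SAMPLE_USER"; do
    printf '%s\n' "$_s" | audit_xhost || true
done
```

On a live session the same check is `xhost | audit_xhost`, run as the user who owns the X display.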