Message-ID: <543FAC4A.7000301@tengu.ch>
Date: Thu, 16 Oct 2014 13:30:18 +0200
From: CJ <tor@tengu.ch>
To: tor-talk@lists.torproject.org
References: <542E5246.5070006@tengu.ch> <20141003222706.GF9509@torproject.org>
 <20141016094826.GD6668@torproject.org>
In-Reply-To: <20141016094826.GD6668@torproject.org>
Subject: Re: [tor-talk] orWall 1.0.0 released!



On 16/10/14 11:48, Mike Perry wrote:
> Mike Perry:
>> CJ:
>>> Hello!
>>>
>>> just a small update regarding orWall: it's released 1.0.0!
>>> There's still *one* annoying issue regarding the tethering, but it
>>> should be OK next week. Just have to take some time in order to debug
>>> this for good.
>>
>> I also suggest soliciting input about the DNS issue we discussed where
>> DNS queries are done by root on Android 4.3+ unless the
>> 'ANDROID_DNS_MODE=local' environment variable is set. Perhaps someone
>> will come up with a clever hack to set this env var in a persistent way
>> that we haven't thought of, or find some way to write a shim on the DNS
>> resolution filesystem socket to enforce what we want.
>>
>> You could list this on a known issues or FAQ page, or in your bugtracker
>> I guess. Making root/UID 0 handle DNS is also a security risk, and I'm
>> very surprised the Android team thought this was a good idea. :/
>
> I just noticed another issue this DNS-as-root snafu causes: The "Enable
> Browser" option seems to leave the UID 0 DNS redirect rule in place,
> which causes DNS lookups to fail if Tor is unreachable, which in turn
> makes most captive portals unusable (since Tor can't be used to do the
> DNS resolution for them).

oh gosh… good catch! I'll update that either today or this weekend.

>
> I guess for now the only option is to remove the DNS redirect rule for
> the duration that the "Enable Browser" option is active? Sucky, but
> better than not being able to use captive portals..

No better way to make it work :(. Though captive portals are sucky
themselves, but this is another debate ;).


Cheers,

C.
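
A check for the state discussed in this message, as an added example that is not part of the original e-mail or orWall's code: it reads nat-table OUTPUT rules and reports whether the UID 0 DNS redirect matches the "Enable Browser" state. The rule layout, port numbers and app UID in the sample are constructed assumptions.

```shell
#!/bin/sh
# Added example, not orWall code. Rule layout, ports and UIDs are constructed.

# Constructed `iptables -t nat -S OUTPUT` output for normal (Tor-only) mode.
sample_rules() {
    cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -p udp -m owner --uid-owner 0 -m udp --dport 53 -j REDIRECT --to-ports 5400
-A OUTPUT -p tcp -m owner --uid-owner 10045 -j REDIRECT --to-ports 9040
EOF
}

# Exit 0 if stdin holds a rule redirecting UDP/53 traffic owned by UID 0.
# Each token is matched separately, so the order of the matches is irrelevant.
has_root_dns_redirect() {
    awk '
        /^-A OUTPUT / && / -p udp / && / --dport 53( |$)/ &&
        / --uid-owner 0( |$)/ && / -j REDIRECT( |$)/ { found = 1 }
        END { exit !found }
    '
}

# check_browser_mode on|off   (nat OUTPUT rules on stdin)
#   on : "Enable Browser" active, the UID 0 DNS redirect must be absent
#   off: normal mode, the UID 0 DNS redirect must be present
check_browser_mode() {
    if has_root_dns_redirect; then present=yes; else present=no; fi
    case "$1:$present" in
        on:no|off:yes) echo "ok"; return 0 ;;
        on:yes)  echo "FAIL: UID 0 DNS redirect still present"; return 1 ;;
        off:no)  echo "FAIL: UID 0 DNS redirect missing"; return 1 ;;
        *)       echo "usage: check_browser_mode on|off" >&2; return 2 ;;
    esac
}

# Demo on the constructed rules: fine in normal mode, flagged in browser mode.
sample_rules | check_browser_mode off
sample_rules | check_browser_mode on || true
```

On a device, pipe `iptables -t nat -S OUTPUT` (run as root) into `check_browser_mode` in place of `sample_rules`.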

