Date: Sat, 4 Oct 2014 15:27:12 -0700
From: Mike Perry <mikeperry@torproject.org>
To: tor-talk@lists.torproject.org
Message-ID: <20141004222712.GG9509@torproject.org>
References: <542E5246.5070006@tengu.ch> <20141003222706.GF9509@torproject.org>
 <542F98AC.1090207@tengu.ch>
MIME-Version: 1.0
In-Reply-To: <542F98AC.1090207@tengu.ch>
Subject: Re: [tor-talk] orWall 1.0.0 released!
Content-Type: multipart/mixed; boundary="===============0284073815532887736=="


--===============0284073815532887736==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="c7hkjup166d4FzgN"
Content-Disposition: inline


--c7hkjup166d4FzgN
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

CJ:
> On 04/10/14 00:27, Mike Perry wrote:
> > Also looking forward to the "Logs" window doing something :)
>
> Same for me. This part will be complicated due to different kernel
> capabilities:
> some support the LOG target, others NFLOG, and the latter doesn't provide
> any nflog reader in the ROM (heya, Cyanogenmod, you're brain-dead on this!).
> Thus it means:
> - detecting which kind of log is supported
> - create some UI in order to activate logs (already have some ideas)
> - inject some binary in the system for nflog support
> - … and many other things.

Yeah, sounds messy. Though from the droidwall days, I thought that LOG +
dmesg was the common denominator, but I've been running Cyanogenmod for
a long time...

> Maybe this can be avoided, as AFWall+ is considering providing some
> intents as API end-points. This would mean:
> - install orWall
> - install AFWall+
> and you'll get the best of both worlds, as AFWall will take care of the
> iptables and log interfaces, just executing orWall orders…

Hrmm. Let's hope that AFWall is being careful with this.

I get nervous when I hear that root apps are going to start exposing
APIs and Intents to configure stuff at the request of other apps.

This is especially risky when we're talking about stuff like iptables
commands that are destined for shell/direct execution. There are just too
many ways to mess that up and open up potentially remotely exploitable
root holes (which even webpages can sometimes exploit in the case of
Intents).

-- 
Mike Perry

--c7hkjup166d4FzgN
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature


--c7hkjup166d4FzgN--

--===============0284073815532887736==--
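
The concern in the message above about iptables commands "destined for shell/direct execution", as an added example (not orWall or AFWall+ code): a root helper treats every field of a request from another app as untrusted, accepts only typed, allowlisted values, and builds an argument vector instead of a shell string. The field names, the rule shape and the UID bounds are assumptions made for this example; a plain `Map` stands in for Intent extras.

```java
import java.util.*;

// Added example: turns an untrusted rule request into an iptables argv.
// Keys "uid", "proto", "dport", "action" are hypothetical field names.
public class RuleBuilder {
    private static final Set<String> PROTOS = Set.of("tcp", "udp");
    private static final Map<String, String> ACTIONS =
            Map.of("allow", "ACCEPT", "block", "REJECT");

    // Strict decimal parse: digits only, then a range check.
    static int boundedInt(String s, int min, int max) {
        if (s == null || !s.matches("[0-9]{1,10}"))
            throw new IllegalArgumentException("not a plain number");
        long v = Long.parseLong(s);
        if (v < min || v > max)
            throw new IllegalArgumentException("out of range");
        return (int) v;
    }

    // Result is meant for exec(String[]) / ProcessBuilder: no shell parses it.
    static List<String> buildArgv(Map<String, String> extras) {
        if (!extras.keySet().equals(Set.of("uid", "proto", "dport", "action")))
            throw new IllegalArgumentException("unexpected or missing field");
        // Assumed bounds: the per-user application UID range on Android.
        int uid = boundedInt(extras.get("uid"), 10000, 19999);
        int dport = boundedInt(extras.get("dport"), 1, 65535);
        String proto = Objects.toString(extras.get("proto"), "");
        if (!PROTOS.contains(proto))
            throw new IllegalArgumentException("protocol not allowed");
        String target = ACTIONS.get(Objects.toString(extras.get("action"), ""));
        if (target == null)
            throw new IllegalArgumentException("action not allowed");
        return List.of("iptables", "-A", "OUTPUT", "-p", proto,
                "--dport", Integer.toString(dport),
                "-m", "owner", "--uid-owner", Integer.toString(uid),
                "-j", target);
    }

    public static void main(String[] args) {
        // Constructed inputs: one well-formed, one carrying shell syntax.
        Map<String, String> ok = Map.of("uid", "10123", "proto", "tcp",
                "dport", "443", "action", "allow");
        Map<String, String> bad = Map.of("uid", "10123; id", "proto", "tcp",
                "dport", "443", "action", "allow");
        System.out.println(buildArgv(ok));
        try {
            buildArgv(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

This covers only how the command is constructed; which callers are allowed to send such a request at all is a separate check the receiving app has to make.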

