[tor-talk] orWall 1.0.0 released!

Mike Perry mikeperry at torproject.org
Thu Oct 16 09:48:26 UTC 2014


Mike Perry:
> CJ:
> > Hello!
> > 
> > just a small update regarding orWall: it's released 1.0.0!
> > There's still *one* annoying issue regarding the tethering, but it
> > should be OK next week. Just have to take some time in order to debug
> > this for good.
> 
> I also suggest soliciting input about the DNS issue we discussed where
> DNS queries are done by root on Android 4.3+ unless the
> 'ANDROID_DNS_MODE=local' environment variable is set. Perhaps someone
> will come up with a clever hack to set this env var in a persistent way
> that we haven't thought of, or find some way to write a shim on the DNS
> resolution filesystem socket to enforce what we want.
> 
> You could list this on a known issues or FAQ page, or in your bugtracker
> I guess. Making root/UID 0 handle DNS is also a security risk, and I'm
> very surprised the Android team thought this was a good idea. :/

I just noticed another issue this DNS-as-root snafu causes: The "Enable
Browser" option seems to leave the UID 0 DNS redirect rule in place,
which causes DNS lookups to fail if Tor is unreachable, which in turn
makes most captive portals unusable (since Tor can't be used to do the
DNS resolution for them).

I guess for now the only option is to remove the DNS redirect rule for
the duration that the "Enable Browser" option is active? Sucky, but
better than not being able to use captive portals..


-- 
Mike Perry