[tor-talk] orWall 1.0.0 released!

CJ tor at tengu.ch
Thu Oct 16 11:30:18 UTC 2014



On 16/10/14 11:48, Mike Perry wrote:
> Mike Perry:
>> CJ:
>>> Hello!
>>>
>>> just a small update regarding orWall: it's released 1.0.0!
>>> There's still *one* annoying issue regarding the tethering, but it
>>> should be OK next week. Just have to take some time in order to debug
>>> this for good.
>>
>> I also suggest soliciting input about the DNS issue we discussed where
>> DNS queries are done by root on Android 4.3+ unless the
>> 'ANDROID_DNS_MODE=local' environment variable is set. Perhaps someone
>> will come up with a clever hack to set this env var in a persistent way
>> that we haven't thought of, or find some way to write a shim on the DNS
>> resolution filesystem socket to enforce what we want.
>>
>> You could list this on a known issues or FAQ page, or in your bugtracker
>> I guess. Making root/UID 0 handle DNS is also a security risk, and I'm
>> very surprised the Android team thought this was a good idea. :/
> 
> I just noticed another issue this DNS-as-root snafu causes: The "Enable
> Browser" option seems to leave the UID 0 DNS redirect rule in place,
> which causes DNS lookups to fail if Tor is unreachable, which in turn
> makes most captive portals unusable (since Tor can't be used to do the
> DNS resolution for them).

Oh gosh… good catch! I'll update that either today or this weekend.

> 
> I guess for now the only option is to remove the DNS redirect rule for
> the duration that the "Enable Browser" option is active? Sucky, but
> better than not being able to use captive portals..

No better way to make it work :(. Though captive portals are sucky
themselves, but this is another debate ;).


Cheers,

C.

