Re: [Tails-dev] Please review&merge feature/torbutton-1.5.x

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Please review&merge feature/torbutton-1.5.x
Hi,

Alan wrote (26 Apr 2013 16:39:31 GMT) :
> I read the commit log and its diff. Everything seems me fine, but one
> thing: the TOR_SOCKS_PORT set in /etc/environment by commit 6a2de87. It
> seems me dangerous to set the socks port meant for the web browser only
> (for stream isolation) as a global environment variable with such a
> general name.


Nice catch. I agree: if some random piece of software took these
envvars into account, then it would partially defeat our stream
isolation design.

> In addition to that, next commit (6629701) reads:
> [...]
> So I wonder if the previous commit setting environment is actually
> useful.


Nice catch too. But yes, the envvars are needed: I've built an ISO
from experimental with 6a2de870 reverted => iceweasel starts in "Tor
disabled" mode, so I'm afraid we have to set the envvars.

> It it is, I would prefer to set these environment variables set
> for iceweasel only, e.g. in the wrapper that we would probably create
> anyway to solve https://tails.boum.org/todo/dont_autostart_iceweasel/.


Agreed. I'm creating
todo/dont_set_torbutton_environment_variables_globally so that this is
not forgotten.

IMHO this is not a blocker, especially since the branch was merged
already (before you commented on it), and since the freeze is close.
I guess the next release manager, when reviewing each open ticket,
will find that one, and once todo/dont_autostart_iceweasel is
implemented, they'll gather it's now trivial to move the envvars to
the right place and just do it.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc