Author: Patrick Schleizer
Date:
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Tails control port filter proxy in Whonix?

anonym:
> Patrick Schleizer:
>> Hi there,
>>
>> sorry for the delay, I got sidetracked with other stuff.
>>
>> My first and summary impression is that this is looking excellent!
>
> \o/
>
>> ./tor-controlport-filter --listen-address 9052
>> Tor control port filter started, listening on 9052:9051
>>
>> Do you see any reason in Whonix not to use the following...?
>>
>> match-hosts:
>> - '*'
>
> Principle of least privilege and defense in depth, I guess. If your
> threat model supports that any host with access to the gateway can use
> the Tor control port, then it's fine. Otherwise, perhaps you solve it on
> the firewall-level instead. But if a static address is used for the
> workstation, and it's the only expected client, then I think locking it
> down is a good idea, especially when it is so cheap (just a static
> configuration).

We don't have static addresses in Qubes-Whonix yet. Will come in Qubes
4.0. Then indeed match-hosts will be a great feature for us.

>> What I found confusing is that "SIGNAL NEWNYM" is allowed, but being
>> case sensitive, i.e. "signal newnym" being blocked.
>
> The command ("SIGNAL") is not case sensitive (e.g. "signal NEWNYM" is
> eq. to "SIGNAL NEWNYM") per the Tor control port specification, and the
> filter knows this. For arguments it depends on the command, and for
> simplicity the filter tries to understand as little as possible of the
> underlying language, so the responsibility is on the author of the
> config file. However, it's fairly easy to profile an application with
> the --complain option so I'm not worried about this being an issue.

Okay.

>> What do you suggest Whonix should use to pass --listen-address? A system
>> drop-in file overwriting ExecStart?
>
> Yes, an override like that seems like the way to go.
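
The matching behaviour discussed in this thread, as an added example that is not part of the original message and is not the filter's own code: command keywords are compared case-insensitively, arguments are compared verbatim against whatever the config author listed, and `match-hosts` gates the client address first. The policy layout, the `192.0.2.x` addresses, and the `decide`/`profile` helpers are assumptions made for illustration; `profile` is a stand-in log-only pass, not the `--complain` implementation.

```python
import fnmatch
import re

# Constructed policy for illustration; NOT the real filter's config schema.
POLICY = {
    "match-hosts": ["192.0.2.10"],      # constructed static workstation address
    "commands": {
        "SIGNAL": [r"NEWNYM"],          # argument pattern, matched case-sensitively
        "GETINFO": [r"(?i)version"],    # config author opted in to any-case argument
    },
}


def host_allowed(policy, client_ip):
    """True if client_ip matches any match-hosts glob ('*' matches every host)."""
    return any(fnmatch.fnmatchcase(client_ip, pat) for pat in policy["match-hosts"])


def decide(policy, client_ip, line):
    """Return (allowed, reason) for one control-port request line."""
    if not host_allowed(policy, client_ip):
        return False, "host not in match-hosts"
    verb, _, args = line.strip().partition(" ")
    # The command keyword is case-insensitive, so normalise it before lookup.
    patterns = policy["commands"].get(verb.upper())
    if patterns is None:
        return False, "command not listed"
    # Arguments are opaque here: compare them verbatim against each pattern.
    if any(re.fullmatch(p, args.strip()) for p in patterns):
        return True, "ok"
    return False, "argument not listed"


def profile(policy, client_ip, lines):
    """Log-only pass: list what would be blocked and why, blocking nothing."""
    verdicts = [(line, *decide(policy, client_ip, line)) for line in lines]
    return [(line, reason) for line, ok, reason in verdicts if not ok]


if __name__ == "__main__":
    ws = "192.0.2.10"
    for req in ["SIGNAL NEWNYM", "signal NEWNYM", "signal newnym", "getinfo VERSION"]:
        print(f"{req!r:20} -> {decide(POLICY, ws, req)}")
    print(decide(POLICY, "192.0.2.99", "SIGNAL NEWNYM"))
    print(decide({**POLICY, "match-hosts": ["*"]}, "192.0.2.99", "SIGNAL NEWNYM"))
```

Running `profile` over an application's recorded requests shows which argument spellings the policy still needs to list before enforcement is switched on.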