Page MenuHomePhabricator
Create Task
Maniphest T356

uwt: set TORSOCKS_ISOLATE_PID in Debian Stretch?
Closed, ResolvedPublic
Actions

Description

There isn't a lot information on TORSOCKS_ISOLATE_PID yet. Will be introduced in the torsocks version which is now in Debian version 9 codename Stretch.

Quote https://lists.torproject.org/pipermail/tor-talk/2015-May/037979.html:

  • IsolatePID is a new option that will make torsocks set the SOCKS5 username and password automatically to provide isolation on Tor side.

    You can use this with the -i,--isolate command added or TORSOCKS_ISOLATE_PID env. variable.

It could help to get rid of the whole uwt temporary file creation hack.

Details

Impact
Normal

Related Objects

Event Timeline

Patrick created this task.Jun 17 2015, 7:48 PM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: Debian version 9 codename Stretch, uwt.
Patrick set Impact to Normal.
Patrick added subscribers: Patrick, HulaHoop.
Herald added a project: Whonix. · View Herald TranscriptJun 17 2015, 7:48 PM
Herald added subscribers: WhonixQubes, troubadour. · View Herald Transcript
HulaHoop added a comment.Jun 18 2015, 3:44 AM

It could help to get rid of the whole uwt temporary file creation hack.

Yes.

More information:

https://www.mankier.com/8/torsocks

TORSOCKS_ISOLATE_PID

Set the username and password for the SOCKS5 authentication method to a PID/current time based value automatically. Username and Password MUST NOT be set.

https://lists.torproject.org/pipermail/tor-dev/2015-May/008871.html

*Change IsolatePID password from 42 to 0

*Add automatic per process isolation (IsolatePID)

AFAICT this will be default behavior since we don't set passwords for Tor SOCKS. It will isolate circuits based on different PIDs it detects automatically.

Patrick added a project: Whonix 14.Jan 18 2017, 6:59 AM
Patrick added a comment.Jan 18 2017, 9:37 AM

Not enabled by default.

Debian version 9 codename Stretch /etc/tor/torsocks.conf

# Set Torsocks to use an automatically generated SOCKS5 username/password based
# on the process ID and current time, that makes the connections to Tor use a
# different circuit from other existing streams in Tor on a per-process basis.
# If set, the SOCKS5Username and SOCKS5Password options must not be set.
# (Default: 0)
#IsolatePID 1
Patrick added a comment.Jan 18 2017, 10:03 AM

https://github.com/Whonix/uwt/commit/c2f471d97573680bf00992ac775296da0fe9ac35

Patrick added a comment.Jan 18 2017, 10:06 AM

https://github.com/Whonix/uwt/commit/d1a64bd9a6016ee527b127b380676f97aa1d53ca

Patrick added a comment.Jan 18 2017, 10:08 AM

https://github.com/Whonix/uwt/commit/66447a54d37a88a78bb9a2056cd410c0c2bf12ab

Patrick changed the task status from Open to Review.Jan 18 2017, 10:25 AM

https://www.whonix.org/wiki/Stream_Isolation#Whonix_14_and_above

Patrick mentioned this in T65: drop uwt as soon as torsocks gets native stream isolation support.Jan 18 2017, 10:33 AM
Patrick closed this task as Resolved.Mar 7 2018, 1:16 AM
Patrick claimed this task.
Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer