Page MenuHomePhabricator
Create Task
Maniphest T357

uwt: set AllowOutboundLocalhost / AllowInbound and abolish UWT_DEV_PASSTHROUGH / uwt circumvention hack
Closed, ResolvedPublic
Actions

Description

Quote https://lists.torproject.org/pipermail/tor-talk/2015-May/037979.html:

  • AllowOutboundLocalhost option allows torsocks to connect to a localhost address.

It might help to abolish to whole UWT_DEV_PASSTHROUGH hack / uwt circumvention confusion, explanation.

Debian version 9 codename Stretch /etc/tor/torsocks.conf

# Set Torsocks to accept inbound connections. If set to 1, listen() and
# accept() will be allowed to be used with non localhost address. (Default: 0)
#AllowInbound 1
# Set Torsocks to allow outbound connections to the loopback interface.
# If set to 1, connect() will be allowed to be used to the loopback interface
# bypassing Tor. If set to 2, in addition to TCP connect(), UDP operations to
# the loopback interface will also be allowed, bypassing Tor. This option
# should not be used by most users. (Default: 0)
#AllowOutboundLocalhost 1

TODO:

  • Test the new torsocks AllowOutboundLocalhost option.
  • Consider setting this option by default.
  • Depending on above, consider removing UWT_DEV_PASSTHROUGH from Whonix code everywhere. (grep -r UWT_DEV_PASSTHROUGH *)

Details

Impact
Normal

Event Timeline

Patrick created this task.Jun 17 2015, 7:54 PM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: Whonix, uwt, Debian version 9 codename Stretch.
Patrick set Impact to Normal.
Patrick added subscribers: troubadour, WhonixQubes, HulaHoop, Patrick.
Patrick added a project: Whonix 14.Jan 18 2017, 6:59 AM
Patrick edited projects, added Whonix 15; removed Whonix 14.Jan 18 2017, 9:23 AM
Patrick edited projects, added Whonix 14; removed Whonix 15.Jan 18 2017, 9:45 AM

https://github.com/Whonix/uwt/commit/86d553a63a3a90d7e9b57edc9e2998df6cc17a70

Patrick renamed this task from uwt: set AllowOutboundLocalhost to abolish UWT_DEV_PASSTHROUGH / uwt circumvention hack to uwt: set AllowOutboundLocalhost / AllowInbound and abolish UWT_DEV_PASSTHROUGH / uwt circumvention hack.Jan 18 2017, 9:48 AM
Patrick updated the task description. (Show Details)
Patrick added a comment.Jan 18 2017, 10:00 AM

/etc/tor/torsocks.conf AllowInbound 1 - safe in Whonix-Workstation and can help making Tor hidden services based servers work.

https://github.com/Whonix/uwt/commit/b7d4101af1c7d8c95872b03abb52c0a2bbcda87f

Patrick changed the task status from Open to Review.Jan 18 2017, 10:31 AM
Patrick closed this task as Resolved.Mar 7 2018, 1:21 AM
Patrick claimed this task.
Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer