Page MenuHomePhabricator
Create Task
Maniphest T357

uwt: set AllowOutboundLocalhost / AllowInbound and abolish UWT_DEV_PASSTHROUGH / uwt circumvention hack
Closed, ResolvedPublic
Actions

Description

Quote https://lists.torproject.org/pipermail/tor-talk/2015-May/037979.html:

  • AllowOutboundLocalhost option allows torsocks to connect to a localhost address.

It might help to abolish to whole UWT_DEV_PASSTHROUGH hack / uwt circumvention confusion, explanation.

Debian version 9 codename Stretch /etc/tor/torsocks.conf

# Set Torsocks to accept inbound connections. If set to 1, listen() and
# accept() will be allowed to be used with non localhost address. (Default: 0)
#AllowInbound 1
# Set Torsocks to allow outbound connections to the loopback interface.
# If set to 1, connect() will be allowed to be used to the loopback interface
# bypassing Tor. If set to 2, in addition to TCP connect(), UDP operations to
# the loopback interface will also be allowed, bypassing Tor. This option
# should not be used by most users. (Default: 0)
#AllowOutboundLocalhost 1

TODO:

  • Test the new torsocks AllowOutboundLocalhost option.
  • Consider setting this option by default.
  • Depending on above, consider removing UWT_DEV_PASSTHROUGH from Whonix code everywhere. (grep -r UWT_DEV_PASSTHROUGH *)

Details

Impact
Normal

Event Timeline

Patrick created this task.Jun 17 2015, 7:54 PM
Patrick updated the task description. (Show Details)
Patrick raised the priority of this task from to Normal.
Patrick added projects: Whonix, uwt, Debian version 9 codename Stretch.
Patrick set Impact to Normal.
Patrick added subscribers: troubadour, WhonixQubes, HulaHoop, Patrick.
Patrick edited projects, added Whonix 15; removed Whonix 14.Jan 18 2017, 9:23 AM
Patrick renamed this task from uwt: set AllowOutboundLocalhost to abolish UWT_DEV_PASSTHROUGH / uwt circumvention hack to uwt: set AllowOutboundLocalhost / AllowInbound and abolish UWT_DEV_PASSTHROUGH / uwt circumvention hack.Jan 18 2017, 9:48 AM
Patrick updated the task description. (Show Details)
Patrick added a comment.Jan 18 2017, 10:00 AM

/etc/tor/torsocks.conf AllowInbound 1 - safe in Whonix-Workstation and can help making Tor hidden services based servers work.

https://github.com/Whonix/uwt/commit/b7d4101af1c7d8c95872b03abb52c0a2bbcda87f

Patrick changed the task status from Open to Review.Jan 18 2017, 10:31 AM
Patrick closed this task as Resolved.Mar 7 2018, 1:21 AM
Patrick claimed this task.
Whonix Issue Tracker · Unread Notifications · Open Issues · Homepage · Blog · Forum · Github · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer