On 16/10/14 11:48, Mike Perry wrote:
> Mike Perry:
>> CJ:
>>> Hello!
>>>
>>> just a small update regarding orWall: it's released 1.0.0!
>>> There's still *one* annoying issue regarding the tethering, but it
>>> should be OK next week. Just have to take some time in order to debug
>>> this for good.
>>
>> I also suggest soliciting input about the DNS issue we discussed where
>> DNS queries are done by root on Android 4.3+ unless the
>> 'ANDROID_DNS_MODE=local' environment variable is set. Perhaps someone
>> will come up with a clever hack to set this env var in a persistent way
>> that we haven't thought of, or find some way to write a shim on the DNS
>> resolution filesystem socket to enforce what we want.
>>
>> You could list this on a known issues or FAQ page, or in your bugtracker
>> I guess. Making root/UID 0 handle DNS is also a security risk, and I'm
>> very surprised the Android team thought this was a good idea. :/
>
> I just noticed another issue this DNS-as-root snafu causes: The "Enable
> Browser" option seems to leave the UID 0 DNS redirect rule in place,
> which causes DNS lookups to fail if Tor is unreachable, which in turn
> makes most captive portals unusable (since Tor can't be used to do the
> DNS resolution for them).

oh gosh… good catch! I'll update that either today or this weekend.

>
> I guess for now the only option is to remove the DNS redirect rule for
> the duration that the "Enable Browser" option is active? Sucky, but
> better than not being able to use captive portals..

No better way to make it work :(. Though captive portals are sucky
themselves, but this is another debate ;).

Cheers,

C.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk