myDSL Extensions (deprecated) :: MyDSL with TOR and Privoxy



Could we take the ELE tor and put it in the newest DSL?

I think this would be a great addition to a portable OS.

Just finished making a very basic combined Privoxy/Tor package, and will hopefylly be submiting it soon.

Tor is compiled with a static libevent.
I have tested it on a vanilla DSL install, and everything works fine.
For now it's a tar.gz, and everything is running from /opt/


Its missing an installer script for starting at boot, and a automatic setup for firefox/dillo would be nice.

In the current version you have to launch privoxy/tor manually, and set up your proxy in the options of your app.
So shell scripters are welcome to help


I am currently fixing some general uglyness and  placement of configs
I'll try posting any progress at my Blog:
http://www.damnsmalllinux.org/talk/blog/414
*Edit: nothing in my blog yet...*

If sombody wants to be my "beta tester", PM me and I can send you my current version.
And any ideas/suggestions/tips would be appreciated.

Blurg, which version of Tor did you use to build your dsl?

It's just that versions prior to 0.1.0.10 apparently had a potentially serious security bug.  See below (which was reposted on alt.privacy).  

(Just in case you weren't aware of it. :=) )
------------------------------------------------------

Date:  Thu, 16 Jun 2005 18:15:33 -0400
From:  Roger Dingledine <x...@mit.edu>
To:  xxxxxxxxx...@freehaven.net
Subject:  Security bug in 0.0.9.x Tor servers
Message-ID:  <20050616221533.GN29034@localhost.localdomain>

Hi folks,

The Tor 0.1.0.10 release from a few days ago includes a fix for a bug
that might allow an attacker to read arbitrary memory (maybe even keys)
from an exit server's process space. We haven't heard any reports of
exploits yet, but hey.

So, I recommend that you all upgrade to 0.1.0.10.

If you absolutely cannot upgrade yet (for example if you're the Debian Tor
packager and your distribution is too stubborn to upgrade past libevent
1.0b, which has known crash bugs), I've included a patched tarball for
the old 0.0.9 series at:
http://tor.eff.org/dist/tor-0. 0.9.10.tar.gz
http://tor.eff.org/dist/tor-0. 0.9.10.tar.gz.asc

- --Roger
///
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQr6/zAEP2l8iXKAJAQIM/AMghmXWL8+OASDTUFp/S2bIe6wIaG5kIpdz
UUZOdycamtWYoSX1c255tlC6DQE4Ir+Dxi36Cp2b6GnRH2aj/R1AOzQkTrtqbGVH
AIPUHf/TW4wbijpCgSrbQmz8NvYJR+77L9fSlA==
=hOqw
-----END PGP SIGNATURE-----

Thanks for the tip, I had read about that one, But keep me updated if you hear about any more bugs.

For now I have already submitted an extention with:
Tor: 0.1.0.14 Privoxy: 3.0.3 and Libevent: 1.1a
Hopefully it will be aproved shortly

Tor and privoxy can now be found in the my-dsl testing section.

Test it and write stuff here, or send me a pm if you have problems using it.

To set up Firefox:
go to Tools-->Options-->General-->Connection Settings-->Manual Proxy Configuration
And put the adress 127.0.0.1 and port nr 8118 in http and ssl

For links:
Start it up (eg. run a shell, and type: links)
Hit F10, use the arrow keys to find Setup, down to network options, and put 127.0.0.1:8118 in the http proxy options

For dillo:
Edit the file ~/.dillo/dillorc
and put in the line:
http_proxy=127.0.0.1:8118

The next version of tor should hopefully do this on load.

Also, tor and privoxy now runs as the user dsl

If anyone has ideas about the security aspects on this, please let me know.
Im thinking of making it chroot, but that wold make it dependent on the gnu-utils package...
And I'm unsure if it has any impact, as dsl is pretty hack proof as-is.

Next Page...
original here.