* Re: flag to use tor
2020-11-17 5:13 flag to use tor Richard Stallman
@ 2020-11-17 5:30 ` Jean Louis
2020-11-17 6:31 ` Max Zettlmeißl
` (2 subsequent siblings)
3 siblings, 0 replies; 10+ messages in thread
From: Jean Louis @ 2020-11-17 5:30 UTC (permalink / raw)
To: Richard Stallman; +Cc: emacs-devel
* Richard Stallman <rms@gnu.org> [2020-11-17 08:14]:
> [[[ To any NSA and FBI agents reading my email: please consider ]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> Many Emacs commands connect to internet sites for various reasons.
> vc does so, M-x irc does so, and I don't know how much else.
>
> I want to connect through Tor all the time, but sometimes these
> commands betray me. I added a switch to VC to make it connect
> through Tor always, but it would be good to have a facility that
> would do this to all internet connections that Emacs packages make.
Good way to go is to launch Emacs by using `torify' command:
$ torify emacs
torify is now just a wrapper around torsocks(1) for backwards compatibility.
Usage: /usr/bin/torify [-hv] <command> [<options>...]
It then makes sure (but not sure how sure) that Internet that uses
that command goes over Tor.
> A super-simple approach is to have a switch with two settings: Tor, or
> not Tor. A more complex feature would give a systematic way to
> specify exceptions.
It would be good to have option in Emacs that enables torsocks for any
Internet operation, something like torsocks-mode.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: flag to use tor
2020-11-17 5:13 flag to use tor Richard Stallman
2020-11-17 5:30 ` Jean Louis
@ 2020-11-17 6:31 ` Max Zettlmeißl
2020-11-17 7:59 ` Colin Baxter
2020-11-17 12:43 ` Zhu Zihao
3 siblings, 0 replies; 10+ messages in thread
From: Max Zettlmeißl @ 2020-11-17 6:31 UTC (permalink / raw)
To: emacs-devel
On Tue, Nov 17, 2020 at 6:14 AM Richard Stallman <rms@gnu.org> wrote:
> I want to connect through Tor all the time, but sometimes these
> commands betray me. I added a switch to VC to make it connect
> through Tor always, but it would be good to have a facility that
> would do this to all internet connections that Emacs packages make.
>
> Some packages connect directly in Lisp. and some connect by running
> subprocesses. For the subprocesses, using 'torsocks' is an easy fix.
> The hard part is to change all the packages that need fixing.
I have been missing such a feature too.
The hardest part when not routing every single connection through Tor
on a lower level, is to know whether all connections originating from
Emacs really are going through Tor and I have always been hesitant to
fully trust the solutions which I came up with.
The solution which I trusted most, was running Emacs in a separate
network namespace and routing all the namespace's connections through
Tor.
> A super-simple approach is to have a switch with two settings: Tor, or
> not Tor. A more complex feature would give a systematic way to
> specify exceptions.
I guess a more fine grained approach is required to really provide a
solution to everyone.
One example of a case where one might desire a more fine grained
control: When using tramp mode to edit files on a server, one might
not always be in a position where a connection from a Tor node is
allowed by the server.
I'm in favour of such a facility, but it should not provide a false
sense of security and therefore in my opinion either be implemented
properly or not at all.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: flag to use tor
2020-11-17 5:13 flag to use tor Richard Stallman
2020-11-17 5:30 ` Jean Louis
2020-11-17 6:31 ` Max Zettlmeißl
@ 2020-11-17 7:59 ` Colin Baxter
2020-11-17 8:34 ` Colin Baxter
2020-11-17 12:43 ` Zhu Zihao
3 siblings, 1 reply; 10+ messages in thread
From: Colin Baxter @ 2020-11-17 7:59 UTC (permalink / raw)
To: Richard Stallman; +Cc: emacs-devel
>>>>> Richard Stallman <rms@gnu.org> writes:
> [[[ To any NSA and FBI agents reading my email: please consider
> ]]] [[[ whether defending the US Constitution against all enemies,
> ]]] [[[ foreign or domestic, requires you to follow Snowden's
> example. ]]]
> Many Emacs commands connect to internet sites for various reasons.
> vc does so, M-x irc does so, and I don't know how much else.
> I want to connect through Tor all the time, but sometimes these
> commands betray me. I added a switch to VC to make it connect
> through Tor always, but it would be good to have a facility that
> would do this to all internet connections that Emacs packages
> make.
> Some packages connect directly in Lisp. and some connect by
> running subprocesses. For the subprocesses, using 'torsocks' is
> an easy fix. The hard part is to change all the packages that
> need fixing.
> A super-simple approach is to have a switch with two settings:
> Tor, or not Tor. A more complex feature would give a systematic
> way to specify exceptions.
> What do people think?
I run tor and then launch an xterm using proxychains using
proxychains /usr/bin/xterm <RET>.
I have
socks4 127.0.0.1 9050
in my ~/.proxychains.conf. This ensures that proxychains uses tor. I then
launch emacs in the xterm as a gui or with '-nw'.
Best wishes,
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: flag to use tor
2020-11-17 5:13 flag to use tor Richard Stallman
` (2 preceding siblings ...)
2020-11-17 7:59 ` Colin Baxter
@ 2020-11-17 12:43 ` Zhu Zihao
2020-11-21 5:04 ` Richard Stallman
2020-11-22 16:01 ` Tomas Hlavaty
3 siblings, 2 replies; 10+ messages in thread
From: Zhu Zihao @ 2020-11-17 12:43 UTC (permalink / raw)
To: rms; +Cc: emacs-devel
[-- Attachment #1: Type: text/plain, Size: 1561 bytes --]
What's is torsocks? Is this one?
https://github.com/dgoulet/torsocks
If so, according to its README. Maybe you can use a shell wrapper to
launch emacs
#+BEGIN_SRC
#!/bin/sh
export LD_PRELOAD=/path/to/libtorsocks.so
exec -a "$0" emacs "$@"
#+END_SRC
Emacs, and its subprocess would inherit this environment variable and
allow torsocks to intercept network connection and force them in Tor.
Richard Stallman writes:
> [[[ To any NSA and FBI agents reading my email: please consider ]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> Many Emacs commands connect to internet sites for various reasons.
> vc does so, M-x irc does so, and I don't know how much else.
>
> I want to connect through Tor all the time, but sometimes these
> commands betray me. I added a switch to VC to make it connect
> through Tor always, but it would be good to have a facility that
> would do this to all internet connections that Emacs packages make.
>
> Some packages connect directly in Lisp. and some connect by running
> subprocesses. For the subprocesses, using 'torsocks' is an easy fix.
> The hard part is to change all the packages that need fixing.
>
> A super-simple approach is to have a switch with two settings: Tor, or
> not Tor. A more complex feature would give a systematic way to
> specify exceptions.
>
> What do people think?
--
Retrieve my PGP public key: https://meta.sr.ht/~citreu.pgp
Zihao
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 515 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: flag to use tor
2020-11-17 12:43 ` Zhu Zihao
@ 2020-11-21 5:04 ` Richard Stallman
2020-11-23 9:33 ` Robert Pluim
2020-11-22 16:01 ` Tomas Hlavaty
1 sibling, 1 reply; 10+ messages in thread
From: Richard Stallman @ 2020-11-21 5:04 UTC (permalink / raw)
To: Zhu Zihao; +Cc: emacs-devel
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> If so, according to its README. Maybe you can use a shell wrapper to
> launch emacs
> #+BEGIN_SRC
> #!/bin/sh
> export LD_PRELOAD=/path/to/libtorsocks.so
> exec -a "$0" emacs "$@"
> #+END_SRC
> Emacs, and its subprocess would inherit this environment variable and
> allow torsocks to intercept network connection and force them in Tor.
I tried a simpler version which simply runs Emacs (and GDB) under
torsocks.
At first it seemed to work. It worked for network sockets.
But then I found operations that failed because they used local sockets.
It seems that torsocks causes even local sockets to try to go via tor
As a result, commands like invoking the browser (to tell the
already-running browser instance to visit a certain URL) fail.
Is there a wizard that knows a way to affect only network communication?
--
Dr Richard Stallman
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: flag to use tor
2020-11-21 5:04 ` Richard Stallman
@ 2020-11-23 9:33 ` Robert Pluim
2020-11-24 5:53 ` Richard Stallman
0 siblings, 1 reply; 10+ messages in thread
From: Robert Pluim @ 2020-11-23 9:33 UTC (permalink / raw)
To: Richard Stallman; +Cc: Zhu Zihao, emacs-devel
Richard Stallman <rms@gnu.org> writes:
> I tried a simpler version which simply runs Emacs (and GDB) under
> torsocks.
>
> At first it seemed to work. It worked for network sockets.
> But then I found operations that failed because they used local sockets.
> It seems that torsocks causes even local sockets to try to go via tor
local unix sockets or network connections to localhost? If the latter,
thereʼs a configuration variable for torsocks to disable torifying
them (see
https://manpages.debian.org/testing/torsocks/torsocks.conf.5.en.html
for details)
Robert
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: flag to use tor
2020-11-23 9:33 ` Robert Pluim
@ 2020-11-24 5:53 ` Richard Stallman
0 siblings, 0 replies; 10+ messages in thread
From: Richard Stallman @ 2020-11-24 5:53 UTC (permalink / raw)
To: Robert Pluim; +Cc: emacs-devel
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> > I tried a simpler version which simply runs Emacs (and GDB) under
> > torsocks.
> >
> > At first it seemed to work. It worked for network sockets.
> > But then I found operations that failed because they used local sockets.
> > It seems that torsocks causes even local sockets to try to go via tor
> local unix sockets or network connections to localhost?
I have no idea. I ran the 'icecat' program to specify a URL for my
existing IceCat process to display in a new frame. I suppose that
Firefox has the same feature, but I don't know how it is implemented.
Whatever it does, changing it would not be practical.
I think Emacs needs a facility to do torsocks for all subprocesses
aside from a list of specific exceptions, and for all
open-network-stream connections aside from a list of specific
exceptions. That will provide some flexibility, which running Emacs
itself under torsocks cannot offer.
--
Dr Richard Stallman
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: flag to use tor
2020-11-17 12:43 ` Zhu Zihao
2020-11-21 5:04 ` Richard Stallman
@ 2020-11-22 16:01 ` Tomas Hlavaty
1 sibling, 0 replies; 10+ messages in thread
From: Tomas Hlavaty @ 2020-11-22 16:01 UTC (permalink / raw)
To: emacs-devel
On Tue 17 Nov 2020 at 20:43, Zhu Zihao <all_but_last@163.com> wrote:
> #!/bin/sh
> export LD_PRELOAD=/path/to/libtorsocks.so
> exec -a "$0" emacs "$@"
> [...]
> Emacs, and its subprocess would inherit this environment variable and
> allow torsocks to intercept network connection and force them in Tor.
what if something (e.g. a script) sets the LD_PRELOAD variable to
something different? would it defeat torsocks? do i need to inspect
all such subprocesses and ensure that they use the right LD_PRELOAD
value?
^ permalink raw reply [flat|nested] 10+ messages in thread