HTTP section - Privoxy install instructions #65
Comments
|
Are you sure Homebrew leaves privoxy running as root? A quick test shows the launch agent is loaded and job is run as the primary user. This point was brought up in #38. Anyway, I'm glad to add instructions for a manual installation of privoxy as well. Thank you |
|
You're right, it runs as the installing user not root. Still and all, my installer creates a non-privileged, non-interative user and group to run as, offering much better security isolation and audit; should that account be compromised the attacker has access to neither an end user account nor the UI. I figured since that was the driving aim of your guide that it'd be a worthwhile improvement to use the packaged installer instead of the Homebrew recipe. It has the side benefit of course that I can offer better support to end users since I'm intimately familiar with the supported installation package. I hope you'll consider these good reasons to update the guide. Cheers, Ian On October 29, 2015 10:56:16 AM EDT, drduh notifications@github.com wrote:
|
|
Sourceforge is blocked by uBlock's default ruleset due to their recent badware policy, and the guide recommends uBlock, so it might be a bit contradictory to link to SF. Any alternative host for the installer? |
|
Ha, ironic! How the mighty are fallen! I don't have an alternate location as yet; we have been considering a move to Github as it goes. I'll tell the other maintainers about uBlock's new rule and see if we can accelerate the process. Thanks for the tip, Ian On October 29, 2015 11:30:44 AM EDT, Dominic Evans notifications@github.com wrote:
|
|
Thank you for the suggestion, Ian. Let me know if you spot any other issues. |
|
Hi again Dominic, So there is now an alternative download URL for the official Privoxy OS http://silvester.org.uk/privoxy_installers/OSX/ Cheers, Ian On 2015-10-29 11:30, Dominic Evans wrote:
My PGP public key |
|
Hi once again! I've now modified that URL to: http://silvester.org.uk/privoxy/OSX/ Also, we're planning to start offering this as an official I do hope you decide to update your guide - like I say the supported Cheers, Ian On 2015-10-31 18:18, Ian Silvester wrote:
My PGP public key |
|
Please have a look at the updated instructions at https://github.com/drduh/OS-X-Security-and-Privacy-Guide#http and let me know if there's any issues. |
|
Hi Dominic, Thanks for going ahead with the change, it's much appreciated. The only Cheers, Ian On 2015-11-04 16:42, drduh wrote:
My PGP public key |
|
I'm not Dominic, but have gone ahead and made your suggested clarification. |
|
Sorry! Didn't realise there were multiple folks involved on the project. Thanks again, Ian On 2015-11-04 16:52, drduh wrote:
My PGP public key |
Hi,
I'm the OS X maintainer for Privoxy. The Homebrew recipe for Privoxy installation is weak in a number of regards, chief among which is that it leaves Privoxy running as root which is of course an unnecessary security risk. The supported installer (available at http://sourceforge.net/projects/ijbswa/files/Macintosh%20%28OS%20X%29/) does not suffer the weaknesses of the Homebrew recipe (it is also as easy to uninstall and includes complete instructions for configuration and obtaining support). Please could you consider altering the HTTP section of your instructions to point readers to this installer instead of using Homebrew?
Separately, many thanks for creating this guide - I've been reading through it with great interest!
Regards,
Ian Silvester
The text was updated successfully, but these errors were encountered: