recognize gnunet-exit as secure transport

2024-11-08 11:31:01 +00:00 · 1984-04-04 00:44:07 +00:00 · 1984-04-04 00:44:07 +00:00 · 18e72b74cc
commit 18e72b74cc
parent 8538a31075
5 changed files with 30 additions and 9 deletions
--- a/5
+++ b/5
@ -11,6 +11,11 @@ vim:nosmarttab:syntax=diff
 | Then again, no. psyced is in low maintenance mode since it roughly
 | does what it should and we need a distributed communication system
 | such as secushare.org anyway.
+________________________________________________________________________
+== LIBPSYC / PSYC2 =====================================================
+¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
+- check packet and variable lengths for sanity before allocating memory
+
 ________________________________________________________________________
 == NUISANCES worth fixing, possibly ====================================
 ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
--- a/world/net/include/net.h
+++ b/world/net/include/net.h
@ -102,6 +102,9 @@
 # endif
 #endif

+// virtual IP network of GNUnet exit service
+#define	IS_GNUNET(ip) abbrev("169.254.86.", ip)
+
 #define HAS_PORT(PORT, PATH)    (defined(PATH) && defined(PORT) && PORT - 0)
 // also need HAS_TLS_PORT() ?

@ -279,6 +282,7 @@
 #define PRIVACY_SURVEILLED	 0
 #define PRIVACY_UNKNOWN  	-1
 #define PRIVACY_MITMX509	23
-#define PRIVACY_REASONABLE	44
+#define PRIVACY_REASONABLE	42
+#define PRIVACY_GOOD		44

 #endif
--- a/world/net/library/tls.c
+++ b/world/net/library/tls.c
@ -186,14 +186,12 @@ string tls_bad_cipher(object sock, string scheme) {
    return 0;
 }

-// Do not use server technologies like psyced for strong
-// privacy or anonymity requirements. Get started using
-// distributed technologies instead. Check out:
-//	http://youbroketheinternet.org
-//	http://secushare.org
-// But if you're happy with half-baked security, here you
-// have it:
-//					-lynX 2015
+// This function handles safety via TLS, Tor and GNUnet. The
+// latter of the three is the distributed system you should
+// be using.  --lynX 2016
+//
+// FIXME: move this function to a different library file...
+//	  "tls" is no longer appropriate
 //
 int probably_private(object source) {
 	// object has no TCP to it. you have to ask its circuit.
@ -214,6 +212,15 @@ int probably_private(object source) {
 	// only the server itself could be considered secure.
 	//
 	) return PRIVACY_REASONABLE;
+	//
+	// Coming from GNUnet means that we are ourselves a
+	// GNUnet node. This increases the chances that we
+	// are a private individual's machine in a private
+	// home rather than a server in a computing centre.
+	// Let's guess that is good news.
+	//
+        if (IS_GNUNET(query_ip_number(source))) return PRIVACY_GOOD;
+	//
 #  if __EFUN_DEFINED__(tls_query_connection_state)
 	// Alas, this person is using a TLS/SSL-enhanced
 	// access protocol which, unless the client implements
--- a/world/net/sockets.c
+++ b/world/net/sockets.c
@ -25,6 +25,7 @@ static string safetypin(object o, string ip) {
 	         SECURE_IP_NUMBER(ip) ? "*" :
 #endif
 		 is_localhost(ip) ? "=" :
+		 IS_GNUNET(ip) ? "#" :
 #if __EFUN_DEFINED__(tls_query_connection_state)
 		 tls_query_connection_state(o) ? "+" :
 #endif
--- a/world/net/user.c
+++ b/world/net/user.c
@ -1602,6 +1602,10 @@ logon() {
 # endif
 		);
 	    }
+	} else {
+	    unless (beQuiet) w("_status_circuit_encryption_good",
+		// FIXME: just for fun.. if we want to keep it, it belongs into the textdb
+		"Congratulations. You are using GNUnet's forward secret end-to-end encryption.");
 	}
 #endif
 	// cannot if (greeting) here this since jabber:iq:auth depends on this