The openntpd package is not installed anymore since commit bf8cc787ce46e9946ab47d5383feb1174da3f22a (20091006). The ntpd user is then non-existent on built amnesia systems.

This user is however mentioned in /etc/firewall.conf. iptables-restore being apparently picky about imperfect configuration files, it refuses to load it, and the firewall-level Tor enforcement is therefore not effective.

Impact

Some applications establish direct connections through the Internet, not using the Tor network at all.

Details:

  • iceweasel is not affected, thanks to the torbutton extension
  • applications that take into account the relevant environment variables (namely http_proxy, HTTP_PROXY, SOCKS_SERVER and SOCKS5_SERVER) are not affected
  • any other application, such as Pidgin or Thunderbird, is probably affected.

Solution

This problem has been fixed in Git commit 9c425e8de13e6b4f885.

Affected versions

No released amnesia version is affected.

Custom images built from Git snapshots equal of after bf8cc787ce46e9946ab47d5383feb1174da3f22a (20091006), and before 9c425e8de13e6b4f885 (excluded), are affected.