[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #2972 [Tor Client]: Allow ControlSocket to be group writable



#2972: Allow ControlSocket to be group writable
-------------------------+--------------------------------------------------
 Reporter:  lunar        |          Owner:                    
     Type:  enhancement  |         Status:  needs_review      
 Priority:  major        |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Client   |        Version:  Tor: unspecified  
 Keywords:               |         Parent:                    
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------

Comment(by nickm):

 So, we found that at least one platform (SunOS 5.11 snv_90 sun4v sparc
 SUNW,T5240), the variant that does a chmod 000 on the socket achieves
 nothing to keep people from accessing it, but the variant that does chmod
 000 on the directory containing the socket successfully prevents access to
 the socket.

 Do we believe that there are unixes that matter where the permissions on a
 directory containing a unix socket aren't checked on attempts to open the
 socket?

 Also, fchmod works on unix sockets on some platforms but not others.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2972#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs