Re: [tor-bugs] #6609 [Tor Client]: Proposal to add tor-connect utility to tor-core distribution
#6609: Proposal to add tor-connect utility to tor-core distribution
-------------------------+--------------------------------------------------
Reporter: tri | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by tri):
Even though proxy command functionality in software is somewhat kludgy,
there is something to be said for it. It's trivial to implement. And in
some cases you can do cool things with it, like automatically creating
nested ssh connections with openssh.

I just patched together some example code that can be used to open a
connection (returning a socket), but instead of really connecting
somewhere, it just creates a socketpair and executes the proxy process at
the other end.
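{{{
#include <sys/types.h>
#include <sys/socket.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Run proxy_command via /bin/sh with its stdin and stdout attached to
   one end of a socketpair. Returns the other end, or -1 on failure. */
int proxy_command_connect(const char *proxy_command)
{
 int s[2];
 pid_t pid;
 char * const av[4] = { "/bin/sh", "-c", (char *)proxy_command, NULL };
 char * const ev[1] = { NULL }; /* child gets an empty environment */
 if (socketpair(AF_LOCAL, SOCK_STREAM, 0, s) != 0)
  return -1;
 pid = fork();
 if (pid < 0) {
  close(s[0]);
  close(s[1]);
  return -1;
 }
 if (pid == 0) {
  /* Child: s[1] becomes the proxy's stdin and stdout. */
#if 0
  /* This is just an example of how to drop possible root
     privileges. More subtle approach is advisable. */
  setgroups(0, NULL);
  setgid(-1);
  setegid(-1);
  setuid(-1);
  seteuid(-1);
#endif
  close(s[0]);
  if (dup2(s[1], fileno(stdin)) < 0)
   goto child_error;
  if (dup2(s[1], fileno(stdout)) < 0)
   goto child_error;
  close(s[1]);
  s[1] = -1;
  execve(av[0], av, ev);
  /* Only reached if execve() failed. */
 child_error:
  if (s[1] >= 0)
   close(s[1]);
  close(fileno(stdin));
  close(fileno(stdout));
  close(fileno(stderr));
  /* _exit() so the child does not flush stdio buffers or run
     atexit handlers inherited from the parent. */
  _exit(-1);
 }
 /* Parent: keep s[0], the child owns s[1]. */
 close(s[1]);
 return s[0];
}
}}}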
One annoying thing exists: almost no system can create TCP sockets with
socketpair, and if the endpoint for some reason really must be a TCP
socket, it's not nearly as trivial as the code above.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6609#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs