
Re: [tor-dev] Proposal 193: Safe cookie authentication



On Feb 10, 2012, at 12:02 AM, Robert Ransom wrote:
> The sole exception to ‘non-safe cookie authentication must die’ is
> when a controller knows that it is connected to a server process with
> equal or greater access to the same filesystem it has access to.  In
> practice, this means ‘only if you're completely sure that Tor is
> running in the same user account as the controller, and you're
> completely sure that you're connected to Tor’, and no controller is
> sure of either of those.

Why is it so hard to do this? Can't we tell controllers to do a
check of permissions, and only if they can't be sure refuse to use the
requested path by default unless a config whitelist or user prompt
allows it? I think that's a lot easier to implement for controllers, and
I just don't really see the huge threat here. If you have malicious
system-wide software on your host, you lost anyway.

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
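The controller-side check suggested in the reply above, as an added example that is not part of the original message and not code from Tor or any controller. The policy (32-byte regular file, same owner, no group/other permission bits, with an allowlist standing in for the "config whitelist") and the names `read_cookie_checked` and `allowlist` are assumptions made for illustration.

```python
import os
import stat
import tempfile

COOKIE_LEN = 32  # control-spec: the cookie file holds exactly 32 bytes


def read_cookie_checked(path, allowlist=(), uid=None):
    """Return (cookie_bytes or None, reason) for an advertised cookie path.

    Hypothetical policy: the file must be a 32-byte regular file; unless
    the path is allowlisted it must also be owned by `uid` and carry no
    group/other permission bits.
    """
    uid = os.getuid() if uid is None else uid
    allowed = os.path.abspath(path) in {os.path.abspath(p) for p in allowlist}
    try:
        # O_NOFOLLOW rejects a symlink as the final path component;
        # O_NONBLOCK keeps a FIFO from hanging the controller.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        return None, "open refused: " + os.strerror(exc.errno)
    try:
        st = os.fstat(fd)  # inspect the opened file, not the path again
        if not stat.S_ISREG(st.st_mode):
            return None, "not a regular file"
        if st.st_size != COOKIE_LEN:
            return None, "wrong size for a cookie"
        if not allowed:
            if st.st_uid != uid:
                return None, "owned by another user"
            if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                return None, "accessible to group or other"
        reason = "allowlisted" if allowed else "checks passed"
        return os.read(fd, COOKIE_LEN), reason
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Constructed sample: a private 32-byte file, then the same file made
    # world-readable, which the default policy refuses.
    demo = os.path.join(tempfile.mkdtemp(), "control_auth_cookie")
    with open(demo, "wb") as fh:
        fh.write(os.urandom(COOKIE_LEN))
    os.chmod(demo, 0o600)
    print(read_cookie_checked(demo)[1])
    os.chmod(demo, 0o644)
    print(read_cookie_checked(demo)[1])
```

These checks constrain which file the controller will read; they do not establish that the peer on the control port is Tor, which is the second condition in the quoted message.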