
Re: [tor-talk] ControlPort "read-only" access?



> Is there a trac ticket for this feature request?

Not that I'm aware of. It was mentioned in:
https://lists.torproject.org/pipermail/tor-dev/2010-April/000198.html

"> Second, Jake made a great point that at present if a malicious party
> gets ahold of the control port then the relay's quite effectively
> screwed. The current capabilities of the control port are overkill for
> many controllers (like arm) which are just interested in retrieving
> information from tor (GETINFO options, event listening, etc). To make
> the control port safer we could include a torrc option that makes the
> control port read-only...
>
>   SafeControlPort 0|1
>     Restricts access of the control port to only include read-only operations.
>     (Default: 0)
>
> Making this the default would be a no-go due to vidalia (though still
> a nice option to have...). If this is implemented its setting should
> be part of the PROTOCOLINFO response.

Ah - I'm sorry, I should have been clearer! I meant to suggest another
control port _entirely_:

SafeControlPort Port
SafeControlListenAddress IP[:PORT]
SafeHashedControlPassword

This would mean that you could expose a second control port that is
designed to give generalized, rounded, perhaps even delayed statistical
information to a visualization engine. The first I had in mind was arm
but there could be useful stuff for mrtg or another graphing program. I
don't need or want my graphing programs to have the ability to control
Tor - I just want to get some data out to help me manage my relay.

With that said - I don't think it's a good idea to focus on such a
feature at this time. Work on getting the statistics to your controller
first. When you have a good case for the features being available in a
different, more safe way, you can make it happen."
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
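
Added example, not part of the original message and not Tor project code: one way to approximate the read-only control port discussed above is a filtering proxy placed in front of the real ControlPort, which checks every client line against an allowlist before forwarding it. The function name, the allowlists and the deny reply text are assumptions made for this sketch, and the proxy is assumed to have authenticated to Tor itself, so clients never send AUTHENTICATE through it.

```python
# Allowlist check for lines a client sends toward Tor's control port.
# Illustrative sketch: names and allowlist contents are constructed samples.

ALLOWED_COMMANDS = {"GETINFO", "SETEVENTS", "QUIT"}   # read or subscribe only
ALLOWED_GETINFO_KEYS = {"version", "traffic/read", "traffic/written"}
ALLOWED_EVENTS = {"BW"}                               # bandwidth events only
DENY = "510 Command filtered\r\n"                     # the filter's own reply


def check_line(line):
    """Return (True, line_to_forward) or (False, reply_for_client)."""
    text = line.rstrip("\r\n")
    # A CR, LF or NUL left inside the line would smuggle a second command.
    if any(ch in text for ch in "\r\n\x00"):
        return False, DENY
    # A leading '+' starts a multi-line data command; none of them are reads.
    if text.startswith("+"):
        return False, DENY
    parts = text.split()
    if not parts:
        return False, DENY
    # Compare keywords case-insensitively so "setconf" cannot slip past.
    cmd, args = parts[0].upper(), parts[1:]
    if cmd not in ALLOWED_COMMANDS:
        return False, DENY
    # GETINFO can also return sensitive state, so restrict the keys as well.
    if cmd == "GETINFO":
        if not args or any(a not in ALLOWED_GETINFO_KEYS for a in args):
            return False, DENY
    if cmd == "SETEVENTS":
        if any(a.upper() not in ALLOWED_EVENTS for a in args):
            return False, DENY
    # Forward a normalised line rather than the client's raw bytes.
    return True, " ".join([cmd] + args) + "\r\n"


if __name__ == "__main__":
    # Constructed sample input, not captured traffic.
    for sample in ("GETINFO traffic/read\r\n", "SETCONF ControlPort=0\r\n",
                   "SIGNAL SHUTDOWN\r\n", "SETEVENTS BW\r\n"):
        print(repr(sample), "->", check_line(sample))
```

Restricting GETINFO keys and event names, not just command names, matters here because some read-only queries still return information a graphing program has no need for.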