[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Tor control spec



Greetings everyone.

I had some questions asked to me about the control spec, if you know
the answers, I would greatly appreciate to find out. I am speaking
with the PuTTY developer about adding a control mechanism to PuTTY as
well. Obviously this stuff is better directed at Nick and Roger.

  - What Windows IPC mechanism provides such a data channel
    conveniently? (I _think_ the answer is `named pipes', but I have
    yet to try using one.)
     + In particular, you need to handle inter-process security
       correctly: Windows machines _can_ have multiple users even if
       it isn't the normal mode of use, so the control port needs to
       be resistant to connections from unauthorised processes. A
       local TCP socket, in particular, is definitely unacceptable.
       Unix domain sockets are obviously the right thing on Unix, but
       Windows?

Further, here are some questions about the security and implementation
of such an idea. These are unrelated to OR of course.

  - How do the controlled process (for these purposes, the server)
    and its controller (the client) initially get in touch with one
    another? Having a central well known name for the server's named
    pipe or socket or whatever is adequate for a monolithic
    application such as Firefox which can simply enforce only ever
    having one instance running, but it doesn't cut it for PuTTY
    which can have more than one. Options include
     + having a subprocess on a well known port which tracks all the
       other running instances (complex, fragile, administratively
       inconvenient)
     + having the first PuTTY to start up be that tracker in addition
       to its other duties (even more complex and fragile, especially
       when it somehow has to hand over control to another PuTTY when
       the first one shuts down)
     + allocating sockets upwards from zero in a numbered space
       (expensive for the client to enumerate them, and difficult for
       it to know when it's found them all)
     + only allocating a control socket when the user specifically
       asks for one, and giving it a user-specified name (of very
       limited usefulness compared to a solution which doesn't
       require explicit cooperation between the processes)
     + some other approach specific to the IPC mechanism being used
     + something else?

New version of Torpark about to be released, Torbird is about to go to
press release this november.
     
Regards,
Steve