[tor-bugs] #15649 [general]: [feature suggestion] Tor control protocol should listen on privileged UNIX domain socket and allow an unauthenticated administration there
#15649: [feature suggestion] Tor control protocol should listen on privileged UNIX
domain socket and allow an unauthenticated administration there
-------------------------+---------------------
Reporter: yurivict271 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: general | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+---------------------
I suggest that tor should by default listen on a UNIX domain socket (e.g.
/tmp/.tor-unix/ctl-privileged) in addition to it currently listening on
the local address 127.0.0.1:9100.

Socket /tmp/.tor-unix/ctl-privileged should be owned by root with
restrictive permissions like 0700, and no authentication should be
required from the users (root) connected to it.

Why this is needed: I created a service that needs to modify the torrc,
and currently there is no way to do this in an automated way due to the
authentication requirement. So I still have to write the torrc file
directly, risking that my changes will get lost.

The service starts as root, and by virtue of this has the authority to
modify anything on the system, including torrc, but it still needs the
password to do this the "right" way, which is unreasonable.

Additionally, it would make sense to also maintain a /tmp/.tor-unix/ctl UNIX
domain socket with less restrictive permissions which would require
authentication much like 127.0.0.1:9100 does.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15649>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
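
An added example, not part of the ticket or of Tor's code: a Python audit of the layout the ticket proposes, checking that the socket's parent directory and the socket itself belong to the expected user and that the directory grants nothing to group or other. The directory is checked because unix(7) notes that many BSD-derived systems ignore the permissions on the socket file itself; the function name and the demo layout are assumptions.

```python
import os
import socket
import stat
import tempfile


def audit_control_socket(path, owner_uid=0):
    """Return a list of findings; an empty list means the layout is tight."""
    findings = []
    parent = os.path.dirname(os.path.abspath(path))
    try:
        d = os.lstat(parent)  # lstat: do not follow a symlinked directory
    except OSError as exc:
        return [f"parent directory: {exc.strerror}"]
    if not stat.S_ISDIR(d.st_mode):
        findings.append("parent is not a real directory")
    if d.st_uid != owner_uid:
        findings.append(f"parent directory owned by uid {d.st_uid}, expected {owner_uid}")
    if d.st_mode & 0o077:
        # Any group/other bit lets another account reach or replace the socket.
        mode = stat.S_IMODE(d.st_mode)
        findings.append(f"parent directory mode {mode:04o} grants group/other access")
    try:
        s = os.lstat(path)
    except OSError as exc:
        findings.append(f"socket: {exc.strerror}")
        return findings
    if not stat.S_ISSOCK(s.st_mode):
        findings.append("path is not a UNIX domain socket")
    if s.st_uid != owner_uid:
        findings.append(f"socket owned by uid {s.st_uid}, expected {owner_uid}")
    return findings


if __name__ == "__main__":
    # Constructed demo: a private directory holding a listening socket,
    # audited against the current user instead of root so it runs unprivileged.
    demo_dir = tempfile.mkdtemp()
    demo_path = os.path.join(demo_dir, "ctl-privileged")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(demo_path)
    print("0700 directory:", audit_control_socket(demo_path, os.getuid()))
    os.chmod(demo_dir, 0o755)
    print("0755 directory:", audit_control_socket(demo_path, os.getuid()))
    srv.close()
    os.unlink(demo_path)
    os.rmdir(demo_dir)
```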