
Re: [tor-bugs] #15649 [general]: [feature suggestion] Tor control protocol should listen on privileged UNIX domain socket and allow an unauthenticated administration there



#15649: [feature suggestion] Tor control protocol should listen on privileged UNIX
domain socket and allow an unauthenticated administration there
-----------------------------+-----------------
     Reporter:  yurivict271  |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  general      |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-----------------
Changes (by yawning):

 * cc: atagar (added)


Comment:

 [ccing atagar since he does a lot of control port stuff]

 Replying to [comment:2 yurivict271]:
 > Cookie authentication requires this line in torrc:
 > CookieAuthentication 1
 >
 > Imagine this: package manager installs tor package (by default with no
 > cookie authentication in torrc), then my service package. Then services
 > are started automatically, how can my service change config?
 > CookieAuthentication is not set, and I have to write torrc again.

 This sounds like something that's the package manager/user's problem.  In
 general I would be against adding something like this, unless it was
 runtime configurable and defaulted to off, defeating the purpose of adding
 this feature in the first place.

 IMO it is not tor's business to dictate policy, and having a magical unix
 socket only for the superuser (which isn't the user tor is running as on a
 sane system), is dictating policy (a magical unix socket for the tor user
 is equivalent to enabling CookieAuthentication).

 FWIW: https://gitweb.torproject.org/debian/tor.git/tree/debian/tor-service-defaults-torrc

 > So cookie authentication is not the same.

 Fair enough.

 What do you envision happening if a user happens to run more than 1 tor
 instance on a given box, and how will you disambiguate the various
 directories under `/tmp`?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15649#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs