[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #15649 [general]: [feature suggestion] Tor control protocol should listen on privileged UNIX domain socket and allow an unauthenticated administration there
#15649: [feature suggestion] Tor control protocol should listen on privileged UNIX
domain socket and allow an unauthenticated administration there
-----------------------------+-----------------
Reporter: yurivict271 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: general | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+-----------------
Comment (by yawning):
I'm still firmly against having a control port instance running by
default. That should be something that the packager/system
administrator/user decides, and explicitly enables because the control
port can do really nasty things to the running tor instance.
But I doubt I'll change your mind in this regard.
Replying to [comment:7 yurivict271]:
> So in short it should work this way:
> * Same ControlPort protocol should be supported on the UNIX-domain
socket (suggested name /tmp/tor/ctrl.<pid>)
> * This socket is always on, unlike 127.0.0.1:9100 which is optional
> * This socket reads user credentials of the connected users, and waives
authentication for root. Otherwise authentication works the same.
Why does root get a pass at authentication?
Yes, root can get the credentials anyway fairly trivially, but that along
isn't sufficient reason to allow this. If I'm running tor as the "tor"
system user, or as myself, what business does "root" have at being able to
trivially mess with my tor instance?
This seems like an utterly terrible idea, because it's encouraging people
to run things as root that have no business being ran as root in the first
place. If something like this ever landed in tor and was enabled by
default, the first thing I would do on all of my boxes is to patch my tor
to remove it.
> This modification would be great for tor integration with other systems,
particularly services.
Because what I totally want on my box is running random services that need
to be launched as "root" just so it can talk to my tor instance.
Anyway, I'm done commenting on this ticket. I think my opinions on this
are fairly clear, though it's basically up to nickm.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15649#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs