Re: [tor-bugs] #15649 [general]: [feature suggestion] Tor control protocol should listen on privileged UNIX domain socket and allow an unauthenticated administration there
#15649: [feature suggestion] Tor control protocol should listen on privileged UNIX
domain socket and allow an unauthenticated administration there
-----------------------------+--------------------
Reporter: yurivict271 | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: general | Version:
Resolution: wontfix | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------
Changes (by atagar):
* status: new => closed
* resolution: => wontfix
Comment:
>> Maybe tor should provide a ControlPort instance out of the box, and if
>> it does, sure, it should be an AF_UNIX socket on systems that have
>> AF_UNIX. But it currently does not, and if things were to change that way,
>> then what's the point of a magic superuser socket in the first place.
>
> Yes, tor should have always-on UNIX socket for ControlPort.
Really this ticket boils down to just this, 'please make the
ControlPort/Socket on by default'. This is gonna be a tough sell. For a
security-focused application like tor, making the control interface opt-in
makes tor safer by default.
As Yawning said, we're not in the business of dictating policy. Package
managers are welcome to choose whatever default torrc they'd like. Feel
free to ask them if you want a ControlSocket to be open by default. For
the upstream project though we plan to keep this as-is unless Nick changes
his mind (and from irc it sounds as though he's not inclined).
> First part is that ControlPort protocol should work through the UNIX
> domain socket, I don't think anybody can disagree that this is a better
> solution, compared to the localhost port.
It does. See the ControlSocket option...
https://www.torproject.org/docs/tor-manual.html.en#ControlSocket
As for authentication, both Stem and txtorcon make this transparent. If you
need an example for how to connect or authenticate via any method
manually...
https://stem.torproject.org/faq.html#can-i-interact-with-tors-controller-interface-directly
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15649#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
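
The manual ControlSocket connection and authentication mentioned in the comment above, as an added example (not part of the original message, and not Stem or tor code). It covers the NULL, COOKIE and HASHEDPASSWORD methods only; SAFECOOKIE is left out, the function names are hypothetical, and the socket path is whatever the ControlSocket option in your torrc names.

```python
import re
import socket

def parse_protocolinfo(lines):
    """Return (auth methods, cookie path or None) from a PROTOCOLINFO reply."""
    for line in lines:
        m = re.match(r'250-AUTH METHODS=([A-Z,]+)(?: COOKIEFILE="([^"]*)")?', line)
        if m:
            return set(m.group(1).split(",")), m.group(2)
    raise ValueError("no AUTH line in PROTOCOLINFO reply")

def authenticate_command(methods, cookie=None, password=None):
    """Build the AUTHENTICATE line for a method tor says it accepts."""
    if "NULL" in methods:                      # no authentication configured
        return "AUTHENTICATE\r\n"
    if "COOKIE" in methods and cookie is not None:
        if len(cookie) != 32:                  # tor's auth cookie is 32 bytes
            raise ValueError("cookie file is not 32 bytes, refusing to send it")
        return "AUTHENTICATE %s\r\n" % cookie.hex()
    if "HASHEDPASSWORD" in methods and password is not None:
        quoted = password.replace("\\", "\\\\").replace('"', '\\"')
        return 'AUTHENTICATE "%s"\r\n' % quoted
    raise ValueError("no usable method among %s" % sorted(methods))

def read_reply(reader):
    """Read one reply; its last line has a space after the status code."""
    lines = []
    while True:
        line = reader.readline()
        if not line:
            raise ConnectionError("control connection closed")
        lines.append(line.rstrip("\r\n"))
        if line[3:4] == " ":
            return lines

def authenticate(sock, read_cookie, password=None):
    """Run PROTOCOLINFO then AUTHENTICATE; return tor's final status line."""
    reader = sock.makefile("r", encoding="utf-8", newline="\r\n")
    sock.sendall(b"PROTOCOLINFO 1\r\n")
    methods, path = parse_protocolinfo(read_reply(reader))
    cookie = read_cookie(path) if path and "COOKIE" in methods else None
    sock.sendall(authenticate_command(methods, cookie, password).encode())
    return read_reply(reader)[-1]

def connect(path):
    """Open the AF_UNIX socket named by the ControlSocket option in torrc."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.connect(path)
    return sock
```

Against a running tor, `authenticate(connect(path), lambda p: open(p, "rb").read())` returns `250 OK` when the caller can read the cookie file, so access is governed by the filesystem permissions on the socket and the cookie.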