[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #15220 [Tor]: Allow SocksSockets writable by arbitrary user

Subject: Re: [tor-bugs] #15220 [Tor]: Allow SocksSockets writable by arbitrary user
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 13 Mar 2015 07:20:33 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 13 Mar 2015 03:20:42 -0400
In-reply-to: <046.4c6c963f3b7c13486c8ecf9783e98731@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.4c6c963f3b7c13486c8ecf9783e98731@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#15220: Allow SocksSockets writable by arbitrary user
-----------------------------+--------------------------------
     Reporter:  sysrqb       |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------

Comment (by sysrqb):

 Ah, I see I had the same thought as Yawning, with respect to the control
 socket. I tried to write a patch for that, which takes advantage of the
 warning we emit when ControlPort_set is set without any authentication.
 Sadly I couldn't find an elegant way to do it, it seems like we'd need to
 reparse the ControlSocket line again specifically to check if
 WorldWritable was there. An alternative is adding the warning in
 options_act_reversible() after configured_ports is set, but that is
 relatively late in the startup sequence for this.

 It's tested and it works, with a minor tweak. Overall, it does seem a
 little large, but it's not very intrusive. I think if there is an easy way
 to add a warning when the control socket is world readable, then it will
 be beneficial to merge this. If adding the warning is too difficult, then
 I think no merge.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15220#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #15220 [Tor]: Allow SocksSockets writable by arbitrary user
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #15246 [Service - git]: Rename arm's git repository to seth
Next by Author: Re: [tor-bugs] #15220 [Tor]: Allow SocksSockets writable by arbitrary user
Previous by thread: Re: [tor-bugs] #15220 [Tor]: Allow SocksSockets writable by arbitrary user
Next by thread: Re: [tor-bugs] #15220 [Tor]: Allow SocksSockets writable by arbitrary user
Index(es):
- Author
- Thread