[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #16004 [Tor]: Support Isolation by SCM_CREDENTIALS / SCM_CREDS for AF_UNIX endpoints
#16004: Support Isolation by SCM_CREDENTIALS / SCM_CREDS for AF_UNIX endpoints
-----------------------------+----------------------------------------
Reporter: anon | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: 0.2.???
Component: Tor | Version: Tor: unspecified
Resolution: | Keywords: tor-core, isolation, lorax
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------------------------
Changes (by yawning):
* keywords: => tor-core, isolation, lorax
* version: => Tor: unspecified
* milestone: => Tor: 0.2.???
Comment:
Better than `SCM_CREDENTIALS`/`SCM_CREDS` would be to use the equally non-
portable (but easier to use) socket options that return the relevant
tuple. `SO_PEERCRED` on Linux, `LOCAL_PEERCRED` (`SOL_SOCKET`) on
FreeBSD, `LOCAL_PEERCRED` (`SOL_LOCAL`) on Darwin.
This is a dead trivial amount of code to add, so I could see it being
really nice for 0.2.7.x if someone has time to write a good implementation
of it (and I may, if I can spare a hour or two). It's particularly
appealing for torsocks, since once AF_UNIX backed socket support lands
there, it will automagically get strong-ish isolation.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16004#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs