[tor-bugs] #17388 [Tor]: tor refuses to create AF_LOCAL SOCKS sockets accessible by other users
#17388: tor refuses to create AF_LOCAL SOCKS sockets accessible by other users
-----------------------------+---------------------------
     Reporter:  cypherpunks  |          Owner:
         Type:  defect       |         Status:  new
     Priority:  Medium       |      Milestone:
    Component:  Tor          |        Version:  Tor: 0.2.6.10
     Severity:  Normal       |       Keywords:
Actual Points:               |      Parent ID:
       Points:               |        Sponsor:
-----------------------------+---------------------------
(Copied from https://bugs.debian.org/797341#)
I tried to use this option:
  SocksPort unix:/var/run/tor-socks
(And also one in a directory owned by the Tor user with mode 0755.)
But Tor refuses to create the socket:
  [warn] Before Tor can create a SOCKS socket in "/var/run/tor-socks",
  the directory "/var/run" needs to exist, and to be accessible only
  by the user and group account that is running Tor. (On some Unix
  systems, anybody who can list a socket can connect to it, so Tor is
  being careful.)
The point of the socket was to allow access by other users. I don't see
a reason to restrict Unix SOCKS ports this way, since the TCP ports are
already accessible by all. The Unix port could be more secure, because
Tor could get the uid of the client and enforce isolation between users.
This seems like a leftover ControlSocket restriction.
- Michael
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17388>