[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Tor control spec
- To: or-talk@xxxxxxxxxxxxx
- Subject: Tor control spec
- From: Arrakistor <arrakistor@xxxxxxxxx>
- Date: Mon, 30 Oct 2006 08:39:01 +0000
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Mon, 30 Oct 2006 09:38:51 -0500
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:x-mailer:reply-to:organization:x-priority:message-id:to:subject:mime-version:content-type:content-transfer-encoding; b=sLRQ2kX+VXwQTf/mBR5R726zh5o6C77yuC3nAqDtTULUih2i6XZuAPn+oNYAOMkCTdtigzHpY9lH9lEk6y7+h7GJ3YAoD3aDvg2KY82QYqozZUYYV2/OIX3W5+GxrN9GQmIGteVKAj8uMKK8KK7mN3xmN0w0vJ4kQlGaCXCAS8g=
- Organization: Torpark
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Greetings everyone.
I had some questions asked to me about the control spec, if you know
the answers, I would greatly appreciate to find out. I am speaking
with the PuTTY developer about adding a control mechanism to PuTTY as
well. Obviously this stuff is better directed at Nick and Roger.
- What Windows IPC mechanism provides such a data channel
conveniently? (I _think_ the answer is `named pipes', but I have
yet to try using one.)
+ In particular, you need to handle inter-process security
correctly: Windows machines _can_ have multiple users even if
it isn't the normal mode of use, so the control port needs to
be resistant to connections from unauthorised processes. A
local TCP socket, in particular, is definitely unacceptable.
Unix domain sockets are obviously the right thing on Unix, but
Windows?
Further, here are some questions about the security and implementation
of such an idea. These are unrelated to OR of course.
- How do the controlled process (for these purposes, the server)
and its controller (the client) initially get in touch with one
another? Having a central well known name for the server's named
pipe or socket or whatever is adequate for a monolithic
application such as Firefox which can simply enforce only ever
having one instance running, but it doesn't cut it for PuTTY
which can have more than one. Options include
+ having a subprocess on a well known port which tracks all the
other running instances (complex, fragile, administratively
inconvenient)
+ having the first PuTTY to start up be that tracker in addition
to its other duties (even more complex and fragile, especially
when it somehow has to hand over control to another PuTTY when
the first one shuts down)
+ allocating sockets upwards from zero in a numbered space
(expensive for the client to enumerate them, and difficult for
it to know when it's found them all)
+ only allocating a control socket when the user specifically
asks for one, and giving it a user-specified name (of very
limited usefulness compared to a solution which doesn't
require explicit cooperation between the processes)
+ some other approach specific to the IPC mechanism being used
+ something else?
New version of Torpark about to be released, Torbird is about to go to
press release this november.
Regards,
Steve