[tor-bugs] #2972 [Tor Client]: Allow ControlSocket to be group writable

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Apr 25 22:20:52 UTC 2011


#2972: Allow ControlSocket to be group writable
-------------------------+--------------------------------------------------
 Reporter:  lunar        |          Owner:                    
     Type:  enhancement  |         Status:  needs_review      
 Priority:  normal       |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Client   |        Version:  Tor: unspecified  
 Keywords:               |         Parent:                    
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------

Comment(by Sebastian):

 Replying to [comment:7 nickm]:
 > I like this idea, but think that depending on the default group seems
 error-prone.  Perhaps instead of a boolean, it could take the name of a
 group, and chgrp the socket before doing the chmod?  That seems less
 likely to wind up with surprising results.

 Do you think the same applies to the case of cookie auth?

 > Finally, the linux unix(7) manpage says:
 > {{{
 > Connecting  to  the
 >        socket  object  requires  read/write permission.  This behavior
 differs
 >        from many BSD-derived systems which ignore permissions for  Unix
 sock‐
 >        ets.  Portable programs should not rely on this feature for
 security.
 > }}}
 >
 > Is this true nowadays?  If so, we shouldn't give people a false sense of
 security by allowing this option where it won't work.

 We should probably disable the ControlSocket option altogether on such
 systems, or at least warn loudly when it is used?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2972#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list