[tor-bugs] #6609 [Tor Client]: Proposal to add tor-connect utility to tor-core distribution
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Aug 17 19:02:11 UTC 2012
#6609: Proposal to add tor-connect utility to tor-core distribution
-------------------------+--------------------------------------------------
Reporter: tri | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by tri):
Even though proxy command functionality in software is somehow a bit
kludgy, there is something to be said about it. It's trivial to implement.
And in some cases you can do cool things with it, like enabling creating
automatically nested ssh connections with openssh.
Just patched together some example code that can be used to open a
connection (returning a socket), but instead of really connecting
somewhere, it just creates a socketpair and executes the proxy process at
the other end.
{{{
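#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <grp.h> /* setgroups(), used only by the disabled block below */

/* Run proxy_command via /bin/sh with its stdin and stdout attached to one
   end of a socketpair. Returns the other end, or -1 on failure. */
int proxy_command_connect(const char *proxy_command)
{
    int s[2];
    pid_t pid;
    char * const av[4] = { "/bin/sh", "-c", (char *)proxy_command, NULL };
    char * const ev[1] = { NULL }; /* child gets an empty environment */

    if (socketpair(AF_LOCAL, SOCK_STREAM, 0, s) != 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(s[0]);
        close(s[1]);
        return -1;
    }
    if (pid == 0) {
#if 0
        /* This is just an example of how to drop possible root
           privileges. More subtle approach is advisable. */
        setgroups(0, NULL);
        setgid(-1);
        setegid(-1);
        setuid(-1);
        seteuid(-1);
#endif
        close(s[0]);
        if (dup2(s[1], fileno(stdin)) < 0)
            goto child_error;
        if (dup2(s[1], fileno(stdout)) < 0)
            goto child_error;
        /* Do not close s[1] if it already is stdin or stdout. */
        if (s[1] != fileno(stdin) && s[1] != fileno(stdout))
            close(s[1]);
        s[1] = -1;
        execve(av[0], av, ev);
    child_error:
        if (s[1] >= 0)
            close(s[1]);
        close(fileno(stdin));
        close(fileno(stdout));
        close(fileno(stderr));
        /* _exit() so the child does not flush the parent's stdio buffers
           or run its atexit handlers. */
        _exit(-1);
    }
    close(s[1]);
    return s[0];
}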
}}}
One annoying thing exists, and that is almost no system can create TCP
sockets with socketpair, and if the endpoint for some reason really must
be a TCP socket, it's not nearly as trivial as the code above.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6609#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
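
The comment above notes that getting a TCP endpoint out of socketpair is not trivial. The following is an added example, not code from the ticket or from the Tor Project: a loopback TCP pair built with a temporary listener, including the check that the accepted connection really is our own. The function name `tcp_socketpair` is hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not from the ticket): fill sv[0] and sv[1] with the
   two ends of a connected loopback TCP stream. Returns 0, or -1 on failure. */
int tcp_socketpair(int sv[2])
{
    struct sockaddr_in la, ca, pa;
    socklen_t len;
    int l = -1, c = -1, a = -1;

    memset(&la, 0, sizeof(la));
    la.sin_family = AF_INET;
    la.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* never INADDR_ANY */
    la.sin_port = 0;                             /* kernel picks the port */

    if ((l = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        goto fail;
    if (bind(l, (struct sockaddr *)&la, sizeof(la)) != 0 || listen(l, 1) != 0)
        goto fail;
    len = sizeof(la);
    if (getsockname(l, (struct sockaddr *)&la, &len) != 0) /* learn the port */
        goto fail;
    if ((c = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        goto fail;
    if (connect(c, (struct sockaddr *)&la, sizeof(la)) != 0)
        goto fail;
    len = sizeof(ca);
    if (getsockname(c, (struct sockaddr *)&ca, &len) != 0)
        goto fail;
    len = sizeof(pa);
    if ((a = accept(l, (struct sockaddr *)&pa, &len)) < 0)
        goto fail;
    /* Any local process can reach the listener: accept only our own peer. */
    if (pa.sin_port != ca.sin_port || pa.sin_addr.s_addr != ca.sin_addr.s_addr)
        goto fail;
    close(l);
    sv[0] = c;
    sv[1] = a;
    return 0;
fail:
    if (l >= 0) close(l);
    if (c >= 0) close(c);
    if (a >= 0) close(a);
    return -1;
}
```

Unlike the AF_LOCAL pair, the listener is briefly reachable by every process on the host, which is why the accepted peer address is compared against the connecting socket before the pair is returned.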