[tor-bugs] #11376 [Tor]: Provide Privileged and Unprivileged control ports

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 31 00:34:38 UTC 2014 

#11376: Provide Privileged and Unprivileged control ports
-----------------------------+----------------------------
     Reporter:  sysrqb       |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:  Tor: 0.2.???
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  needs-proposal
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+----------------------------
Changes (by sysrqb):

 * keywords:   => needs-proposal


Old description:

> (This may be a duplicateas I know this has been discussed before, but I
> couldn't find the original if it exists)
>
> The control port has the potential ability to pass sensitive information
> (#3521, #5976, #1949). There may be situations where one controller only
> needs the ability to query and receive a limited amount of information
> and another controller handles the sensitive information. These two
> processes should be able to connect/authenticate to different sockets and
> and thus prevent the first process from receiving sensitive information.
>
> Alternatively, this same isolation can be achieved using the chosen
> authentication mechanism.
>
> Whichever is better (or if both, or another, are chosen), the
> capabilities of the connection should also be configurable via torrc and
> control port. For example, whether a connection is allowed to SETCONF or
> only GETCONF and SETEVENTS, etc. A high level of granularity would be
> ideal.

New description:

 (This may be a duplicate because I know this has been discussed before,
 but I couldn't find the original if it exists)

 The control port has the potential ability to pass sensitive information
 (#3521, #5976, #1949). There may be situations where one controller only
 needs the ability to query and receive a limited amount of information and
 another controller handles the sensitive information. These two processes
 should be able to connect/authenticate to different sockets and and thus
 prevent the first process from receiving sensitive information.

 Alternatively, this same isolation can be achieved using the chosen
 authentication mechanism.

 Whichever is better (or if both, or another, are chosen), the capabilities
 of the connection should also be configurable via torrc and control port.
 For example, whether a connection is allowed to SETCONF or only GETCONF
 and SETEVENTS, etc. A high level of granularity would be ideal.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11376#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list