[tor-bugs] #15649 [general]: [feature suggestion] Tor control protocol should listen on privileged UNIX domain socket and allow an unauthenticated administration there
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 10 11:02:48 UTC 2015
#15649: [feature suggestion] Tor control protocol should listen on privileged UNIX
domain socket and allow an unauthenticated administration there
-----------------------------+-----------------
Reporter: yurivict271 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: general | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+-----------------
Changes (by yawning):
* cc: atagar (added)
Comment:
[ccing atagar since he does a lot of control port stuff]
Replying to [comment:2 yurivict271]:
> Cookie authentication requires this line in torrc:
> CookieAuthentication 1
>
> Imagine this: package manager installs tor package (by default with no
cookie authentication in torrc), then my service package. Then services
are started automatically, how can my service change config?
CookieAuthentication is not set, and I have to write torrc again.
This sounds like something that's the package manger/user's problem. In
general I would be against adding something like this, unless it was
runtime configurable and defaulted to off, defeating the purpose of adding
this feature in the first place.
IMO it is not tor's business to dictate policy, and having a magical unix
socket only for the superuser (which isn't the user tor is running as on a
sane system), is dictating policy (a magical unix socket for the tor user
is equivalent to enabling CookieAuthentication).
FWIW: https://gitweb.torproject.org/debian/tor.git/tree/debian/tor-
service-defaults-torrc
> So cookie authentication is not the same.
Fair enough.
What do you envision happening if a user happens to run more than 1 tor
instance on a given box, and how will you disambiguate the various
directories under `/tmp`?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15649#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list