[tor-bugs] #17388 [Tor]: tor refuses to create AF_LOCAL SOCKS sockets accessible by other users
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 20 03:33:34 UTC 2015
#17388: tor refuses to create AF_LOCAL SOCKS sockets accessible by other users
-----------------------------+---------------------------
     Reporter:  cypherpunks  |          Owner:
         Type:  defect       |         Status:  new
     Priority:  Medium       |      Milestone:
    Component:  Tor          |        Version:  Tor: 0.2.6.10
     Severity:  Normal       |       Keywords:
Actual Points:               |      Parent ID:
       Points:               |        Sponsor:
-----------------------------+---------------------------
(Copied from https://bugs.debian.org/797341#)
I tried to use this option:

    SocksPort unix:/var/run/tor-socks

(And also one in a directory owned by the Tor user with mode 0755.)

But Tor refuses to create the socket:

    [warn] Before Tor can create a SOCKS socket in "/var/run/tor-socks",
    the directory "/var/run" needs to exist, and to be accessible only
    by the user and group account that is running Tor. (On some Unix
    systems, anybody who can list a socket can connect to it, so Tor is
    being careful.)

The point of the socket was to allow access by other users. I don't see
a reason to restrict Unix SOCKS ports this way, since the TCP ports are
already accessible by all. The Unix port could be more secure, because
Tor could get the uid of the client and enforce isolation between users.
This seems like a leftover ControlSocket restriction.
- Michael
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17388>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
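
The report's point that a Unix-domain SOCKS port would let the daemon learn each client's uid, as an added example (not Tor's code and not part of the original report): on Linux, SO_PEERCRED returns the peer's credentials for a connected AF_UNIX socket. The helper names and the per-uid isolation policy are hypothetical, and a socketpair stands in for an accepted client connection.

```c
#define _GNU_SOURCE /* glibc: exposes struct ucred and SO_PEERCRED */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Ask the kernel for the effective uid of the process at the other end of
 * a connected socket. Returns 0 on success, -1 if no credentials exist. */
static int peer_uid(int fd, uid_t *uid_out)
{
    struct ucred cred;
    socklen_t len = sizeof(cred);

    memset(&cred, 0, sizeof(cred));
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0)
        return -1;
    /* Non-AF_UNIX sockets can "succeed" with uid -1: treat as unknown. */
    if (len != sizeof(cred) || cred.uid == (uid_t)-1)
        return -1;
    *uid_out = cred.uid;
    return 0;
}

/* Hypothetical policy: use the peer uid as a per-user isolation key.
 * Fails closed (-1) when the peer cannot be identified. */
static long isolation_key_for(int fd)
{
    uid_t uid;
    return peer_uid(fd, &uid) == 0 ? (long)uid : -1L;
}

int main(void)
{
    int sv[2]; /* constructed stand-in for a listener's accept()ed client */

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) {
        perror("socketpair");
        return 1;
    }
    printf("AF_UNIX peer isolation key: %ld (our euid: %ld)\n",
           isolation_key_for(sv[0]), (long)geteuid());
    close(sv[0]);
    close(sv[1]);
    return 0;
}
```

A TCP SOCKS listener has no equivalent: the same call on an AF_INET socket yields no usable uid, so the helper returns -1 there.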