[tor-bugs] #20337 [Core Tor]: Support abstract namespace AF_UNIX sockets.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 11 03:52:23 UTC 2016
#20337: Support abstract namespace AF_UNIX sockets.
-----------------------------+------------------------------
Reporter: yawning | Owner:
Type: enhancement | Status: new
Priority: Low | Milestone: Tor: unspecified
Component: Core Tor | Version: Tor: unspecified
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------+------------------------------
Linux has a notion of `abstract` AF_UNIX sockets. This should be
supported both for the control and socks port, as they are convenient and
useful, as long as they are used correctly.
Benefits:
* Easier to bundle. `sun_path` length limitations are dumb, being able
to use an abstract identifier is simpler.
* No need to mess around with creating a directory, arguing over what
permissions the directory and the socket file have.
* The socket goes away when the last reference to the socket is closed,
removing the need to unlink it.
Downsides:
* There is no access control, at all. Primarily relevant for the
ControlPort, but that has separate mechanisms for restricting access.
* Not wildly useful for sandboxes, since most sandboxing approaches will
unshare/create a new IPC namespace.
* Non-portable.
(0.2.0.3-alpha was the first time we supported AF_UNIX at all)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20337>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>