[tor-commits] [torspec/master] Document cookie-based authentication protocols in the right place
nickm at torproject.org
Mon Mar 26 18:18:48 UTC 2012
commit 4f92a352429b8cf044f4299603baa2d9775ba1ac
Author: Robert Ransom <rransom.8774 at gmail.com>
Date: Mon Feb 20 08:59:47 2012 -0800
Document cookie-based authentication protocols in the right place
---
control-spec.txt | 22 ++++++++++++++++++++--
1 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/control-spec.txt b/control-spec.txt
index f583372..a838122 100644
--- a/control-spec.txt
+++ b/control-spec.txt
@@ -2104,8 +2104,26 @@
If the 'CookieAuthentication' option is true, Tor writes a "magic
cookie" file named "control_auth_cookie" into its data directory (or
to another file specified in the 'CookieAuthFile' option). To
- authenticate, the controller must send the contents of this file,
- encoded in hexadecimal.
+ authenticate, the controller must demonstrate that it can read the
+ contents of the cookie file:
+
+ * Versions of Tor before 0.2.4.1-alpha support cookie authentication
+ using the "COOKIE" authentication method: the controller sends the
+ contents of the cookie file, encoded in hexadecimal. This
+ authentication method exposes the user running a controller to an
+ unintended information disclosure attack whenever the controller
+ has greater filesystem read access than the process that it has
+ connected to. (Note that a controller may connect to a process
+ other than Tor.) It is almost never safe to use, even if the
+ controller's user has explicitly specified which filename to read
+ an authentication cookie from. For this reason, the COOKIE
+ authentication method has been deprecated and will be removed from
+ Tor before version 0.2.4.1-alpha.
+
+ * 0.2.2.x versions of Tor after 0.2.2.XXXX, and all versions of Tor
+ after 0.2.3.XXXX-alpha, support cookie authentication using the
+ "SAFECOOKIE" authentication method, which discloses much less
+ information about the contents of the cookie file.
If the 'HashedControlPassword' option is set, it must contain the salted
hash of a secret password. The salted hash is computed according to the
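Review bot: the second bullet still carries placeholder version numbers ("0.2.2.XXXX" and "0.2.3.XXXX-alpha"); fill in the real first versions that accept SAFECOOKIE before merging, since controller authors will use this sentence to decide which method to attempt. The same bullet says only that SAFECOOKIE "discloses much less information about the contents of the cookie file" without saying where the SAFECOOKIE exchange itself is specified; a pointer to that section would let a reader go from this paragraph to the actual protocol. The first bullet reads consistently with the opening sentence (COOKIE supported before 0.2.4.1-alpha, removed before 0.2.4.1-alpha), so no change is needed there.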