Lock Control Port

[Robert Hogan]

On Sunday 14 October 2007 01:27:58 you wrote:
> On Saturday 13 October 2007 21:27:01 Roger Dingledine wrote:
> > On Sat, Oct 13, 2007 at 10:50:16AM +0100, Robert Hogan wrote:
> > > While we're all still 'getting there', controllers could have the
> > > option of locking the control port if no auth mechanism is enabled, and
> > > even when it is. Given that users tend not to share installations and
> > > most run their controller concurrently with tor at all times this would
> > > be a useful fallback measure.
> >
> > Why not have your controller enable authentication when it connects and
> > doesn't like what it finds? If you want, you can then disable it when
> > you disconnect.
> >
> > This approach would seem to have all the same properties of your
> > lock/unlock without any new commands or code.
>
> Duh. Don't know where I was going with that one.

On second thoughts,  it might be a useful default behaviour to lock the 
control port automatically whenever an unauthenticated connection is made. 
The active controller could then choose to unlock the port once connected.

I can't think of a use-case for more than one simultaneous connection to the 
control port, so even if implicit locking is a bit extreme it might be a good 
idea to notify current control port users when someone else creates a new 
control session, regardless of authentication. It would also be useful to 
learn of any other active control sessions when you first connect. 

The problem with using a random password to 'lock' the control port is that 
the genuine user is locked out if their control session disconnects 
unexpectedly. Of course this shouldn't happen but ...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20071118/77a1ab47/attachment.pgp>