[tor-dev] Help complete the list of official & community projects
dawuud
dawuud at riseup.net
Wed Jun 22 18:43:38 UTC 2016
hi,
ROFLCopTor aims to be an exhaustive Tor control port filter daemon written in golang.
https://github.com/subgraph/roflcoptor
maintainer: David Stainton
The Tor control port exposes powerful functionality, much more authority than most applications need when they talk to the Tor control port. In accordance with the principal of least authority [1] each software module would ideally have authority over only the resources needed to perform it's tasks. Here in the context of ROFLCopTor, we seek to illiminate excess authority from applications which utilize the Tor control port, therefore they will not be in the debian-tor group or otherwise have access to the tor control port UNIX domain socket or TCP listener. The only available access to the tor control port being via ROFLCoptor which exposes a TCP listener and or a UNIX domain socket. Applications can be allowed to authenticate with ROFLCoptor but this isn't necessary because the filtration policy is applied based on the client application's exec path which is discovered by matching the socket inode via the Linux proc filesystem.
[1] - The Structure of Authority: Why Security Is not a Separable Concern
http://www.erights.org/talks/no-sep/secnotsep.pdf
On Tue, Jun 21, 2016 at 06:19:13PM +0000, isis agora lovecruft wrote:
> Nima Fatemi transcribed 4.1K bytes:
> > Here's the information I need from you:
> >
> > Name of the project, along with a paragraph explaining the significance
> > of the project and why it matters.
> > Link to the project, and name or the handle of the maintainer.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160622/eaad5ce3/attachment.sig>
More information about the tor-dev
mailing list