[tor-bugs] #2972 [Tor Client]: Allow ControlSocket to be group writable
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon May 9 15:21:15 UTC 2011
#2972: Allow ControlSocket to be group writable
-------------------------+--------------------------------------------------
Reporter: lunar | Owner:
Type: enhancement | Status: needs_review
Priority: major | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by nickm):
Let's move this ahead.
Given that the authentication cookie file's group-readability support
already does not support specifying a group, I'm okay with leaving off
support for specifying a particular group to 0.2.3.x.
On the security issue: We should check the permissions on the directory
containing the socket. We should warn if it's world-w or world-rx. We
should warn if it's group-w or group-rx and the option to make the socket
group-accessible is not set or the group that owns the directory is not
the same group as is getting rights on the socket. (The
check_private_dir() function in util.c can already do some of this.)
I believe we can tell whether our host system implements file permissions
properly on sockets by the trick of doing a chmod 000 then trying to
connect to the socket. But that's potentially tricky to get right, and I'd
rather just warn everywhere if people are leaving the socket in a visible
directory.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2972#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list