[tor-bugs] #3076 [Tor Client]: Implement 'SocksPort auto' and 'ControlPort auto'

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon May 9 22:42:03 UTC 2011 

#3076: Implement 'SocksPort auto' and 'ControlPort auto'
-------------------------+--------------------------------------------------
 Reporter:  mikeperry    |          Owner:                    
     Type:  enhancement  |         Status:  needs_review      
 Priority:  major        |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Client   |        Version:                    
 Keywords:               |         Parent:  #2264             
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------

Comment(by rransom):

 Replying to [comment:11 mikeperry]:
 > Replying to [comment:10 nickm]:
 > > Wrote a patch to implement ControlPortWriteToFile; see the updated
 feature3076 branch in my public.
 >
 > It looks like you're going to create a temp file here if it already
 exists, and then replace the existing file due to magic in
 start_writing_to_file()? This may have consequences for my permissions
 comments below..
 >
 > Also, perhaps the man page should specify that the file name can be
 relative to the current working directory of the tor process? Or do we
 want to default to the Tor data directory, or config directory?

 We want no default value at all.  Vidalia can set this option on the
 command line in the TBBs.

 ''All'' configuration options that specify file or directory names can be
 relative to Tor's current working directory.

 > > But on consideration I am worried about MITM issues here: the patch
 would make it easier to wind up in a situation where an attacker can
 listen on port X and convince the controller to connect to port X instead
 of to Tor... either by reading a stale file and binding to the listed
 port, or by overwriting the file with a new port.  Should we care?  Can we
 do anything about this?

 > If the filesystem owner account is not used to launch the bundles, we
 may be opening up new vulnerabilities by allowing this secondary account
 to access this file. But it's also not clear how well the bundles will
 function without write access to their data directory and CWD (where
 everything lives)... The state file can't be written to save guards or CBT
 data, for example, so this appears to be a non-recommended situation
 rather than a more secure one.

 Tor won't work at all if it is not run as the user that owns its
 DataDirectory.  See #2824 for one moderately annoying consequence.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3076#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list