[tor-bugs] #10702 [arm]: arm tells users to "sudo -u debian-tor arm", which lets arm read tor's keys
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 23 17:32:54 UTC 2014
#10702: arm tells users to "sudo -u debian-tor arm", which lets arm read tor's keys
------------------------+--------------------
Reporter: arma | Owner: atagar
Type: defect | Status: new
Priority: normal | Milestone:
Component: arm | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
------------------------+--------------------
Comment (by arma):
No, I think those are bad steps rather than good ones.
If Tor wants to export more data to its controllers, it should do it in a
controlled fashion via the control protocol. It shouldn't just open up
more file-system permissions.
(More generally, I think arm should ask Tor questions via the control
protocol more, rather than bypassing Tor and trying to use the local
system to discover Tor things itself.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10702#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list