[tor-bugs] #15649 [general]: [feature suggestion] Tor control protocol should listen on privileged UNIX domain socket and allow an unauthenticated administration there

[Tor Bug Tracker & Wiki]

#15649: [feature suggestion] Tor control protocol should listen on privileged UNIX
domain socket and allow an unauthenticated administration there
-------------------------+---------------------
 Reporter:  yurivict271  |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  general      |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 I suggest that tor should by default listen on the UNIX domain socket (ex.
 /tmp/.tor-unix/ctl-privileged) in addition to it currently listening on
 the local address 127.0.0.1:9100

 Socket /tmp/.tor-unix/ctl-privileged should be owned by root with
 restrictive permissions like 0700, and no authentication should be
 required from the users (root) connected to it.

 Why this is needed: I created the service that needs to modify the torrc,
 and currently there is no way to do this in automated way due to the
 authentication requirement. So I still have to write the torrc file
 directly, risking that my changes will get lost.

 The service starts as root, and by the virtue of this has an authority to
 modify anything on the system, including torrc, but it still needs the
 password to do this the "right" way, which is unreasonable.

 Additionally, it would make sense to also maintain /tmp/.tor-unix/ctl UNIX
 domain socket with less restrictive permissions which would require an
 authentication much like 127.0.0.1:9100 does.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15649>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online