[tor-bugs] #15649 [general]: [feature suggestion] Tor control protocol should listen on privileged UNIX domain socket and allow an unauthenticated administration there

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 10 11:56:38 UTC 2015 

#15649: [feature suggestion] Tor control protocol should listen on privileged UNIX
domain socket and allow an unauthenticated administration there
-----------------------------+-----------------
     Reporter:  yurivict271  |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  general      |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-----------------

Comment (by yawning):

 Replying to [comment:4 yurivict271]:
 > In case there are many instances this is easily solved by factoring in
 their pid in the ctl socket name.

 Ok.

 > Package manager/user can't solve this problem. They run 'pkg install tor
 my-service && service tor start && service my-service start'. Where does
 the user or package manager come into play? This boils down to either
 changing the default for CookieAuthentication, or the need of the direct
 user involvement: change this file, add this line here, and that line
 there. It quickly becomes the rocket science when it doesn't have to be.
 Superuser ctl socket elegantly solves this problem. Xorg also typically
 keeps such socket, this is a common practice to operate through the UNIX
 sockets.
 >
 > Tor opens local socket at 127.0.0.1:9100 by default. This should have
 been UNIX socket to begin with, because that would have been the most
 natural choice. Why choose local net when UNIX socket is obviously more
 functional for this. UNIX socket actually supports authentication
 credentials too, among other potentially useful things.

 I agree that a Unix domain socket is a fine and sensible default, if
 `ControlPort` was enabled by default.  But, the standard behavior of tor,
 built from an official source package, or git for that matter is to
 disable the control port.

 So, any tor instance that isn't "the one that Tor Browser runs" which has
 the `ControlPort` enabled at
 all is already running a non-standard configuration, including the Debian
 package that does the right thing.  So, complain to the packager that got
 it wrong.

 Maybe tor should provide a `ControlPort` instance out of the box, and if
 it does, sure, it should be an AF_UNIX socket on systems that have
 AF_UNIX.  But it currently does not, and if things were to change that
 way, then what's the point of a magic superuser socket in the first place.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15649#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list