[tor-bugs] #15649 [general]: [feature suggestion] Tor control protocol should listen on privileged UNIX domain socket and allow an unauthenticated administration there
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 10 11:56:38 UTC 2015
#15649: [feature suggestion] Tor control protocol should listen on privileged UNIX
domain socket and allow an unauthenticated administration there
-----------------------------+-----------------
Reporter: yurivict271 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: general | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+-----------------
Comment (by yawning):
Replying to [comment:4 yurivict271]:
> In case there are many instances this is easily solved by factoring in
their pid in the ctl socket name.
Ok.
> Package manager/user can't solve this problem. They run 'pkg install tor
my-service && service tor start && service my-service start'. Where does
the user or package manager come into play? This boils down to either
changing the default for CookieAuthentication, or the need of the direct
user involvement: change this file, add this line here, and that line
there. It quickly becomes the rocket science when it doesn't have to be.
Superuser ctl socket elegantly solves this problem. Xorg also typically
keeps such socket, this is a common practice to operate through the UNIX
sockets.
>
> Tor opens local socket at 127.0.0.1:9100 by default. This should have
been UNIX socket to begin with, because that would have been the most
natural choice. Why choose local net when UNIX socket is obviously more
functional for this. UNIX socket actually supports authentication
credentials too, among other potentially useful things.
I agree that a Unix domain socket is a fine and sensible default, if
`ControlPort` was enabled by default. But, the standard behavior of tor,
built from an official source package, or git for that matter is to
disable the control port.
So, any tor instance that isn't "the one that Tor Browser runs" which has
the `ControlPort` enabled at
all is already running a non-standard configuration, including the Debian
package that does the right thing. So, complain to the packager that got
it wrong.
Maybe tor should provide a `ControlPort` instance out of the box, and if
it does, sure, it should be an AF_UNIX socket on systems that have
AF_UNIX. But it currently does not, and if things were to change that
way, then what's the point of a magic superuser socket in the first place.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15649#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list