[tor-bugs] #15649 [general]: [feature suggestion] Tor control protocol should listen on privileged UNIX domain socket and allow an unauthenticated administration there

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 14 21:59:34 UTC 2015


#15649: [feature suggestion] Tor control protocol should listen on privileged UNIX
domain socket and allow an unauthenticated administration there
-----------------------------+--------------------
     Reporter:  yurivict271  |      Owner:
         Type:  enhancement  |     Status:  closed
     Priority:  normal       |  Milestone:
    Component:  general      |    Version:
   Resolution:  wontfix      |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------
Changes (by atagar):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 >> Maybe tor should provide a ControlPort instance out of the box, and if
 it does, sure, it should be an AF_UNIX socket on systems that have
 AF_UNIX. But it currently does not, and if things were to change that way,
 then what's the point of a magic superuser socket in the first place.
 >
 > Yes, tor should have always-on UNIX socket for ControlPort.

 Really this ticket boils down to just this, 'please make the
 ControlPort/Socket on by default'. This is gonna be a tough sell. For a
 security focused application like tor making the control interface opt-in
 makes tor safer by default.

 As Yawning said, we're not in the business of dictating policy. Package
 managers are welcome to choose whatever default torrc they'd like. Feel
 free to ask them if you want a ControlSocket to be open by default. For
 the upstream project though we plan to keep this as-is unless Nick changes
 his mind (and from irc it sounds as though he's not inclined).

 > First part is that ControlPort protocol should work through the UNIX
 domain socket, I don't think anybody can disagree that this is a better
 solution, compared to the localhost port.

 It does. See the ControlSocket option...

 https://www.torproject.org/docs/tor-manual.html.en#ControlSocket

 As for authentication, both Stem and txtorcon make this transparent. If you
 need an example for how to connect or authenticate via any method
 manually...

 https://stem.torproject.org/faq.html#can-i-interact-with-tors-controller-interface-directly

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15649#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
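
The manual connection and authentication that the comment above points to, shown as an added example (not part of the original message and not Stem's or tor's own code). It speaks the control protocol over an AF_UNIX ControlSocket, asks tor which authentication methods it offers with PROTOCOLINFO, and answers with AUTHENTICATE; the socket path `/var/run/tor/control` is an assumption, and SAFECOOKIE is not covered.

```python
import binascii
import re
import socket

def read_reply(f):
    """Read one control-protocol reply; its final line has a space after the 3-digit code."""
    lines = []
    while True:
        line = f.readline().rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] == " ":
            return lines

def parse_protocolinfo(lines):
    """Extract the offered auth methods and the cookie path from a PROTOCOLINFO reply."""
    info = {"methods": [], "cookiefile": None}
    for line in lines:
        if line.startswith("250-AUTH "):
            m = re.search(r"METHODS=([A-Z,]+)", line)
            c = re.search(r'COOKIEFILE="((?:[^"\\]|\\.)*)"', line)
            if m:
                info["methods"] = m.group(1).split(",")
            if c:  # undo the backslash escaping of the quoted path
                info["cookiefile"] = re.sub(r"\\(.)", r"\1", c.group(1))
    return info

def authenticate_command(info, password=None):
    """Build AUTHENTICATE for NULL, COOKIE or HASHEDPASSWORD (SAFECOOKIE is not covered)."""
    if "NULL" in info["methods"]:
        return "AUTHENTICATE\r\n"
    if "COOKIE" in info["methods"] and info["cookiefile"]:
        with open(info["cookiefile"], "rb") as fh:  # file permissions gate who can do this
            return "AUTHENTICATE %s\r\n" % binascii.hexlify(fh.read()).decode()
    if "HASHEDPASSWORD" in info["methods"] and password is not None:
        quoted = password.replace("\\", "\\\\").replace('"', '\\"')
        return 'AUTHENTICATE "%s"\r\n' % quoted
    raise ValueError("no usable authentication method offered")

def authenticate(sock, password=None):
    """Run PROTOCOLINFO then AUTHENTICATE on a connected socket; return tor's final reply line."""
    f = sock.makefile("rw", newline="")
    f.write("PROTOCOLINFO 1\r\n")
    f.flush()
    info = parse_protocolinfo(read_reply(f))
    f.write(authenticate_command(info, password))
    f.flush()
    return read_reply(f)[-1]

if __name__ == "__main__":
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect("/var/run/tor/control")  # assumed path; use your torrc's ControlSocket value
    print(authenticate(s))
```

A reply of `250 OK` means the session is authenticated; a `515` reply means tor rejected the credentials and will close the connection.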

