[tor-bugs] #15220 [Tor]: Allow SocksSockets writable by arbitrary user
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 11 12:37:21 UTC 2015
#15220: Allow SocksSockets writable by arbitrary user
-----------------------------+--------------------------------
Reporter: sysrqb | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------------
Comment (by dgoulet):
Replying to [comment:6 nickm]:
> I think this is 0.2.7 material by default; It's neither a security hole
> nor a regression.

Adding torrc options to set the user/group for the unix socket is out of
the question for 0.2.6 for sure. However, right now without a change from
660 to 666 (world open), this feature is unusable unless the user puts
themselves in the tor system group (ex: debian-tor) or chmods the socket. This
means that anyone using torsocks out of the box won't be able to use this
feature, nor will people using nginx Unix socket support, for instance.

Isn't the point of SocksPort to be world usable (like an inet socket)? If
you really want it not world open, set the socket path to be in a
directory only you control. Would that be a middle ground for inclusion in
0.2.6?

If we don't get this in 0.2.6, I would advocate for extra documentation
somewhere explaining how to access the socket, else that feature is dead
until 0.2.7 imo.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15220#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
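
Added example, not part of the original message or of Tor's code: a Python check, using Linux semantics, of whether a Unix socket can be reached by users outside its owner and group, taking into account both the 660/666 socket mode and the permissions of the containing directories discussed in the comment above. The names `world_connectable`, `top` and `demo`, and the socket layout, are illustrative assumptions; ACLs and MAC policy are ignored.

```python
import os, shutil, socket, stat, tempfile

def world_connectable(sock_path, top="/"):
    """True if mode bits let a user outside owner/group connect (Linux).

    Walks from the socket's directory up to `top`; ACLs and MAC are ignored.
    """
    sock_path, top = os.path.realpath(sock_path), os.path.realpath(top)
    st = os.stat(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{sock_path} is not a Unix socket")
    # Linux: connect() needs write permission on the socket itself,
    # so 0660 excludes "other" and 0666 admits it.
    if not st.st_mode & stat.S_IWOTH:
        return False
    # Every directory on the path must also be searchable (x) by "other";
    # a 0700 parent makes even a 0666 socket private.
    d = os.path.dirname(sock_path)
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return False
        if d == top or d == os.path.dirname(d):
            return True
        d = os.path.dirname(d)

def demo():
    """Constructed layout: three sockets under a temporary directory."""
    base = os.path.realpath(tempfile.mkdtemp())
    os.chmod(base, 0o755)
    cases = [("group_only", 0o755, 0o660),   # socket mode 660
             ("world_open", 0o755, 0o666),   # socket mode 666
             ("private_dir", 0o700, 0o666)]  # 666 inside a private directory
    results = {}
    try:
        for name, dir_mode, sock_mode in cases:
            d = os.path.join(base, name)
            os.mkdir(d)
            path = os.path.join(d, "socks")
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
                s.bind(path)
                os.chmod(path, sock_mode)
                os.chmod(d, dir_mode)
                results[name] = world_connectable(path, top=base)
    finally:
        shutil.rmtree(base)
    return results

if __name__ == "__main__":
    print(demo())
```

POSIX does not define the effect of permissions on a socket file and some systems ignore them, so the directory check is the portable control.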