[tor-bugs] #15220 [Tor]: Allow SocksSockets writable by arbitrary user
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 13 07:20:33 UTC 2015
#15220: Allow SocksSockets writable by arbitrary user
-----------------------------+--------------------------------
Reporter: sysrqb | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------------
Comment (by sysrqb):
Ah, I see I had the same thought as Yawning, with respect to the control
socket. I tried to write a patch for that, which takes advantage of the
warning we emit when ControlPort_set is set without any authentication.
Sadly I couldn't find an elegant way to do it, it seems like we'd need to
reparse the ControlSocket line again specifically to check if
WorldWritable was there. An alternative is adding the warning in
options_act_reversible() after configured_ports is set, but that is
relatively late in the startup sequence for this.
It's tested and it works, with a minor tweak. Overall, it does seem a
little large, but it's not very intrusive. I think if there is an easy way
to add a warning when the control socket is world readable, then it will
be beneficial to merge this. If adding the warning is too difficult, then
I think no merge.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15220#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list