[tor-bugs] #16004 [Tor]: Support Isolation by SCM_CREDENTIALS / SCM_CREDS for AF_UNIX endpoints
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 12 09:28:27 UTC 2015
#16004: Support Isolation by SCM_CREDENTIALS / SCM_CREDS for AF_UNIX endpoints
-----------------------------+----------------------------------------
Reporter: anon | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: 0.2.???
Component: Tor | Version: Tor: unspecified
Resolution: | Keywords: tor-core, isolation, lorax
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------------------------
Changes (by yawning):
* keywords: => tor-core, isolation, lorax
* version: => Tor: unspecified
* milestone: => Tor: 0.2.???
Comment:
Better than `SCM_CREDENTIALS`/`SCM_CREDS` would be to use the equally non-
portable (but easier to use) socket options that return the relevant
tuple. `SO_PEERCRED` on Linux, `LOCAL_PEERCRED` (`SOL_SOCKET`) on
FreeBSD, `LOCAL_PEERCRED` (`SOL_LOCAL`) on Darwin.
This is a dead trivial amount of code to add, so I could see it being
really nice for 0.2.7.x if someone has time to write a good implementation
of it (and I may, if I can spare a hour or two). It's particularly
appealing for torsocks, since once AF_UNIX backed socket support lands
there, it will automagically get strong-ish isolation.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16004#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list