[tor-bugs] #18156 [Tor]: Add a torrc flag to disable ADD_ONION creation.

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 23 18:58:56 UTC 2016


#18156: Add a torrc flag to disable ADD_ONION creation.
-----------------------------+------------------------------
 Reporter:  cypherpunks      |          Owner:
     Type:  defect           |         Status:  new
 Priority:  Medium           |      Milestone:  Tor: 0.2.???
Component:  Tor              |        Version:
 Severity:  Normal           |     Resolution:
 Keywords:  tor-hs, control  |  Actual Points:
Parent ID:                   |         Points:
 Reviewer:                   |        Sponsor:  SponsorR-can
-----------------------------+------------------------------
Changes (by dgoulet):

 * keywords:   => tor-hs, control
 * sponsor:   => SponsorR-can


Comment:

 This is indeed a worrying issue imo. There are multiple options here I
 see:

 1. Add a torrc option to disable ADD_ONION for clients only.
 2. atagar's suggestion is to have a read-only option for control port.
 3. Add a torrc option which tells tor that it's a client-only so no HS
 would be possible. Actually, any "opening listening socket" apart from
 SocksPort would be denied.

 More on that. I actually think that a default tor client (only acting as a
 client, that is, no ORPort) should never allow `ADD_ONION` unless explicitly
 requested in the torrc. It sounds like a lot to ask users to _close_
 down the command instead of opening it if needed (most of the time used by
 specific apps).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18156#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

