[or-cvs] Let the users set ControlListenAddress in the torrc.

arma at seul.org arma at seul.org
Mon Feb 13 06:25:16 UTC 2006 

Update of /home2/or/cvsroot/tor/doc
In directory moria:/home/arma/work/onion/cvs/tor/doc

Modified Files:
	TODO tor.1.in 
Log Message:
Let the users set ControlListenAddress in the torrc.
This can be dangerous, but there are some cases (like a secured
LAN) where it makes sense.


Index: TODO
===================================================================
RCS file: /home2/or/cvsroot/tor/doc/TODO,v
retrieving revision 1.425
retrieving revision 1.426
diff -u -p -d -r1.425 -r1.426
--- TODO	13 Feb 2006 00:10:51 -0000	1.425
+++ TODO	13 Feb 2006 06:25:12 -0000	1.426
@@ -51,17 +51,12 @@ N - look at the proposed os x uninstalle
       when they feel like it.
     - update dir-spec with what we decided for each of these
 N - commit edmanm's win32 makefile to tor cvs contrib
-  o add a GUARD flag to the network-status entries.
-    o Clients use it. (But not till the directories have upgraded!)
   - when logging unknown http headers, this could include bad escape codes?
     - more generally, attacker-controller log entries with newlines in them
       are dangerous for our users.
   - make log entries include function names in win32 again.
   - Make "setconf" and "hup" behavior cleaner for LINELIST config
     options (e.g. Log). Bug 238.
-  o Were we going to load unrecognized 'state' variables into some
-    list somewhere, and write them out whenever we update the state?
-    To be forwards and backwards compatible.
 R - streamline how we define a guard node as 'up'. document it
     somewhere.
 R - reduce log severity for guard nodes.
@@ -70,7 +65,7 @@ R - failed rend desc fetches sometimes d
 R - Add config options to not publish and not fetch rend descs.
   - Add controller interfaces to hear rend desc events and learn
     about rend descs. In base16 I guess for now.
-R - let controlport be configurable on other interfaces
+  o let controlport be configurable on other interfaces
 R - look into "uncounting" bytes spent on local connections. so
     we can bandwidthrate but still have fast downloads.
 N . Clean and future-proof exit policy formats a bit.

Index: tor.1.in
===================================================================
RCS file: /home2/or/cvsroot/tor/doc/tor.1.in,v
retrieving revision 1.130
retrieving revision 1.131
diff -u -p -d -r1.130 -r1.131
--- tor.1.in	13 Feb 2006 06:19:18 -0000	1.130
+++ tor.1.in	13 Feb 2006 06:25:13 -0000	1.131
@@ -61,7 +61,7 @@ Windows since that platform lacks getrli
 .LP
 .TP
 \fBControlPort \fR\fIPort\fP
-If set, Tor will accept connections from the same machine (localhost only) on
+If set, Tor will accept connections on
 this port, and allow those connections to control the Tor process using the
 Tor Control Protocol (described in control-spec.txt).  Note: unless you also
 specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP,
@@ -69,6 +69,14 @@ setting this option will cause Tor to al
 control it.
 .LP
 .TP
+\fBControlListenAddress \fR\fIIP\fR[:\fIPORT\fR]\fP
+Bind the controller listener to this address. If you specify a port,
+bind to this port rather than the one specified in ControlPort. We
+strongly recommend that you leave this alone unless you know what you're
+doing, since giving attackers access to your control listener is really
+dangerous. (Default: 127.0.0.1)
+.LP
+.TP
 \fBHashedControlPassword \fR\fIhashed_password\fP
 Don't allow any connections on the control port except when the other process
 knows the password whose one-way hash is \fIhashed_password\fP.  You can

More information about the tor-commits mailing list