[or-cvs] [PATCH] Create a sample bridge configuration torrc.
andrew at torproject.org
Fri Jun 11 21:13:09 UTC 2010
On Thu, 10 Jun 2010 12:04:22 -0400
Roger Dingledine <arma at mit.edu> wrote:
> 1) It looks like we're setting ControlPort without setting any other
> control port authentication lines? That is a bad move security-wise:
> any Java or Flash applet that runs on the same computer and can play a
> cross-domain trick lets you reconfigure our Tor.
As you've seen, this is fixed. The control port is now commented out
altogether. I missed a # somehow.
> 2) Vidalia has a nice trick where your ORPort defaults to 443 on
> Windows but 9001 on Unix. That way we have more of our bridges on
> 443, but we don't force you to deal with binding a low-numbered port
> on operating systems that care.
> Speaking of which: if this bridge torrc is designed to be used with
> bundles that include Vidalia, what happens when Vidalia saves a config
> change? Does it clobber the torrc changes, and you silently stop being
> a bridge? Or does Vidalia read in the torrc lines and synchronize its
> internal config to what Tor says it wants to be?
Actually, separate the two topics. This is a torrc for those that only
want to run Tor without anything else. If you have Vidalia, use
Vidalia to configure your bridge.
> 3) Bridges don't need to set DirPort, and they probably shouldn't if
> they want to remain more subtle. No real harm; but another benefit to
> leaving DirPort unset is that people wrestling with their port
> forwarding won't have to wrestle quite as much.
If you are already reconfiguring your router/NAT device for one port
forwarding, doing so for another port isn't any more difficult.
However, not running DirPort is fine with me too.
The Tor Project