[or-cvs] [PATCH] Create a sample bridge configuration torrc.

Andrew Lewman andrew at torproject.org
Fri Jun 11 21:13:09 UTC 2010


On Thu, 10 Jun 2010 12:04:22 -0400
Roger Dingledine <arma at mit.edu> wrote:

> 1) It looks like we're setting ControlPort without setting any other
> control port authentication lines? That is a bad move security-wise:
> any java or flash applet that runs on the same computer and can play a
> cross-domain trick lets you reconfigure our Tor.

As you've seen, this is fixed.  The control port is now commented out
altogether.  I missed a # somehow.

> 2) Vidalia has a nice trick where your ORPort defaults to 443 on
> Windows but 9001 on Unix. That way we have more of our bridges on
> 443, but we don't force you to deal with binding a low-numbered port
> on operating systems that care.
> 
> Speaking of which: if this bridge torrc is designed to be used with
> bundles that include Vidalia, what happens when Vidalia saves a config
> change? Does it clobber the torrc changes, and you silently stop being
> a bridge? Or does Vidalia read in the torrc lines and synchronize its
> internal config to what Tor says it wants to be?

Actually, separate the two topics.  This is a torrc for those that only
want to run Tor without anything else.  If you have vidalia, use
vidalia to configure your bridge.


> 3) Bridges don't need to set DirPort, and they probably shouldn't if
> they want to remain more subtle. No real harm; but another benefit to
> leaving DirPort unset is that people wrestling with their port
> forwarding won't have to wrestle quite as much.

If you are already reconfiguring your router/nat device for one port
forwarding, doing so for another port isn't any more difficult.
However, not running dirport is fine with me too.


-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject



More information about the tor-dev mailing list