[tor-dev] [RELEASE] Torsocks 2.1.0
anonym at riseup.net
Thu May 28 12:55:07 UTC 2015
On 05/27/2015 09:19 PM, David Goulet wrote:
> - IsolatePID is a new option that will make torsocks set the SOCKS5
> username and password automatically to provide isolation on Tor side.
> You can use this with the -i,--isolate command added or
> TORSOCKS_ISOLATE_PID env. variable.
Perhaps I'm overlooking the purpose of this option, but it doesn't look
like something you can rely on to get stream isolation between separate
torsocks invocations. For instance, on a POSIX-compliant system a PID
can be reused as soon as the process using it has terminated. This
implies that, for any purpose, a PID should only be used as a unique
identifier for the duration of the process using it.
Assuming the purpose is to provide stream isolation between torsocks
invocations, why not generate a big random number for the socks auth
user/password instead? 256 bits should be enough even when taking the
birthday paradox into account.
In practice PID reusage perhaps isn't a problem for any realistic use
case, making my remarks into theoretical nitpicking, but YMMV.
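The suggestion in the message above, sketched as an added example (not part of the original post and not torsocks code): 256 random bits are hex-encoded into the username and password of an RFC 1929 SOCKS5 authentication request, next to a PID-derived variant for comparison. The function names and the `pid-<n>` credential format are assumptions made for illustration; the page does not say how torsocks formats its PID-based credentials.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build an RFC 1929 username/password request: VER=0x01, ULEN, UNAME, PLEN, PASSWD.
 * Returns the message length, or -1 if a field or the buffer is the wrong size. */
int rfc1929_request(uint8_t *msg, size_t cap, const char *user, const char *pass)
{
    size_t ulen = strlen(user), plen = strlen(pass);
    if (ulen < 1 || ulen > 255 || plen < 1 || plen > 255 || cap < 3 + ulen + plen)
        return -1;
    msg[0] = 0x01;
    msg[1] = (uint8_t)ulen;
    memcpy(msg + 2, user, ulen);
    msg[2 + ulen] = (uint8_t)plen;
    memcpy(msg + 3 + ulen, pass, plen);
    return (int)(3 + ulen + plen);
}

/* Hypothetical PID-derived credentials (format assumed, not torsocks's own):
 * two processes that are handed the same PID produce the same bytes. */
int pid_auth(uint8_t *msg, size_t cap, long pid)
{
    char user[32], pass[32];
    snprintf(user, sizeof user, "pid-%ld", pid);
    snprintf(pass, sizeof pass, "%ld", pid);
    return rfc1929_request(msg, cap, user, pass);
}

/* Random credentials: 256 bits from the kernel CSPRNG, hex-encoded and split
 * evenly between username and password (32 hex characters each). */
int random_auth(uint8_t *msg, size_t cap)
{
    static const char hex[] = "0123456789abcdef";
    uint8_t rnd[32];
    char cred[2][33];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(rnd, 1, sizeof rnd, f);
    fclose(f);
    if (got != sizeof rnd)
        return -1;
    for (size_t i = 0; i < sizeof rnd; i++) {
        cred[i / 16][2 * (i % 16)] = hex[rnd[i] >> 4];
        cred[i / 16][2 * (i % 16) + 1] = hex[rnd[i] & 0x0f];
    }
    cred[0][32] = cred[1][32] = '\0';
    return rfc1929_request(msg, cap, cred[0], cred[1]);
}
```

With the PID-derived variant, a later invocation that happens to receive a recycled PID sends byte-identical credentials, so the SOCKS server cannot tell it apart from the earlier process; the random variant has no such dependency on process lifetime.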