[tor-dev] How to query HS hostname from control port

dawuud dawuud at riseup.net
Sat Sep 10 02:15:28 UTC 2016


> Under the old method I required the user to set up the hidden/onion
> service by adding a line to their torrc. That's not necessary if I used
> ADD_ONION. In both methods I still need them to enable the control port

right. it shouldn't be necessary at all to modify the torrc... for most features.

> and an authentication, but it's just one less requirement using ADD_ONION.

nah... you could use a unix domain socket instead of a TCP port and then
just use filesystem permissions to limit access to the socket file.
i much prefer this to authentication.

> Data isolation is improved because it separates responsibility. In
> Linux, the tor binary runs under a separate user and sets up permissions
> to protect sensitive data. My OnioNS software can run as a separate user
> as well. This way, data is isolated to its respective software and I'm
> not mixing everything.

hmm ok well keep in mind an unfiltered control port is rather powerful and in a
sense brings your software into the same security domain as the tor
process. access to the control port can cause tor to execute a specified
binary as a pluggable transport.
