Opened 4 years ago
Last modified 2 years ago
#16004 new enhancement
Support Isolation by SCM_CREDENTIALS / SCM_CREDS for AF_UNIX endpoints
| Reported by: | anon | Owned by: | |
|---|---|---|---|
| Priority: | Medium | Milestone: | Tor: unspecified |
| Component: | Core Tor/Tor | Version: | Tor: unspecified |
| Severity: | Normal | Keywords: | isolation, lorax, tor-client, scm_creds AF_UNIX |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
Support Isolation by SCM_CREDENTIALS / SCM_CREDS for AF_UNIX endpoints.
(a pid, uid, gid tuple, or any of the three)
Child Tickets
Change History (6)
comment:1 Changed 4 years ago by
| Keywords: | tor-core isolation lorax added |
|---|---|
| Milestone: | → Tor: 0.2.??? |
| Version: | → Tor: unspecified |
comment:3 Changed 3 years ago by
| Keywords: | tor-03-unspecified-201612 added |
|---|---|
| Milestone: | Tor: 0.3.??? → Tor: unspecified |
Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.
comment:4 Changed 2 years ago by
| Keywords: | tor-03-unspecified-201612 removed |
|---|
Remove an old triaging keyword.
comment:5 Changed 2 years ago by
| Keywords: | tor-core removed |
|---|
The tor-core keyword doesn't really make sense now that we have "Core Tor/Tor" for component.
comment:6 Changed 2 years ago by
| Keywords: | tor-client scm_creds AF_UNIX added |
|---|---|
| Severity: | → Normal |
Note: See
TracTickets for help on using
tickets.
Better than
SCM_CREDENTIALS/SCM_CREDSwould be to use the equally non-portable (but easier to use) socket options that return the relevant tuple.SO_PEERCREDon Linux,LOCAL_PEERCRED(SOL_SOCKET) on FreeBSD,LOCAL_PEERCRED(SOL_LOCAL) on Darwin.This is a dead trivial amount of code to add, so I could see it being really nice for 0.2.7.x if someone has time to write a good implementation of it (and I may, if I can spare a hour or two). It's particularly appealing for torsocks, since once AF_UNIX backed socket support lands there, it will automagically get strong-ish isolation.