Opened 4 years ago

Last modified 22 months ago

#16004 new enhancement

Support Isolation by SCM_CREDENTIALS / SCM_CREDS for AF_UNIX endpoints

Reported by: anon Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Normal Keywords: isolation, lorax, tor-client, scm_creds AF_UNIX
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Support Isolation by SCM_CREDENTIALS / SCM_CREDS for AF_UNIX endpoints.
(a pid, uid, gid tuple, or any of the three)

Child Tickets

Change History (6)

comment:1 Changed 4 years ago by yawning

Keywords: tor-core isolation lorax added
Milestone: Tor: 0.2.???
Version: Tor: unspecified

Better than SCM_CREDENTIALS/SCM_CREDS would be to use the equally non-portable (but easier to use) socket options that return the relevant tuple. SO_PEERCRED on Linux, LOCAL_PEERCRED (SOL_SOCKET) on FreeBSD, LOCAL_PEERCRED (SOL_LOCAL) on Darwin.

This is a dead trivial amount of code to add, so I could see it being really nice for 0.2.7.x if someone has time to write a good implementation of it (and I may, if I can spare a hour or two). It's particularly appealing for torsocks, since once AF_UNIX backed socket support lands there, it will automagically get strong-ish isolation.

comment:2 Changed 2 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:3 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:4 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:5 Changed 2 years ago by dgoulet

Keywords: tor-core removed

The tor-core keyword doesn't really make sense now that we have "Core Tor/Tor" for component.

comment:6 Changed 22 months ago by nickm

Keywords: tor-client scm_creds AF_UNIX added
Severity: Normal
Note: See TracTickets for help on using tickets.