Opened 4 years ago

Closed 4 years ago

#16006 closed enhancement (fixed)

torsocks should support isolating on a per process basis.

Reported by: yawning
Owned by: dgoulet
Priority: Medium
Milestone:
Component: Core Tor/Torsocks
Version:
Severity:
Keywords: isolation
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


#16004 + #14132 would be the better way to handle this since it allows doing this for more than torsocks, but as something that can happen in the meantime (or if the user doesn't want to use AF_UNIX based SOCKSSocket), there's no reason that torsocks can't do this automatically.

Rough idea:

   IsolatePid 0|1

     Automatically set the SOCKS5 username/password to a unique per-process value
     that makes the connections to Tor use a different circuit from other existing
     streams on a per-application basis.  If set, the SOCKS5Username and
     SOCKS5Password options must not be set. (Default: 0)

The implementation would stash the pid/time(NULL) on startup and use pid:TIME (both ASCII serialized) as the SOCKS5 username/password pair for all SOCKS connections.

Change History (3)

comment:1 Changed 4 years ago by yawning

Based on top of my #15584 branch since I changed a bunch of the init stuff, and can't be bothered untangling it/dealing with merge conflicts (since I run with #15584 fixed on all my boxes).

Differences from the description:

  • Username is torsocks-PID:time(NULL)
  • Password is 0 (To allow for new circuit hackery later, this is how Tor Browser does it).

The SOCKS5 Username/Password isn't currently being sent for RESOLVE and RESOLVE_PTR requests either, so that's fixed in my branch as well (as a separate commit for cherry picking).

comment:2 Changed 4 years ago by yawning

Status: new → needs_review

comment:3 Changed 4 years ago by dgoulet

Resolution: fixed
Status: needs_review → closed

I added a command line option to trigger this feature. See -i/--isolate.

Merged! thanks
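
The credential scheme from comment:1, sketched as an added example that is not code from the torsocks branch: it formats the torsocks-PID:time(NULL) username and serializes it with password 0 as an RFC 1929 username/password request. The helper names `isolation_username` and `build_userpass_request` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

#define AUTH_FIELD_MAX 255 /* RFC 1929: ULEN and PLEN are one byte, 1..255 */

/* Hypothetical helper: format "torsocks-PID:TIME" (both ASCII serialized).
 * Returns the username length, or -1 if it does not fit. */
static int isolation_username(char *out, size_t outlen, pid_t pid, time_t start)
{
    int n = snprintf(out, outlen, "torsocks-%ld:%lld",
                     (long)pid, (long long)start);
    return (n < 0 || (size_t)n >= outlen || n > AUTH_FIELD_MAX) ? -1 : n;
}

/* Hypothetical helper: serialize VER(0x01) | ULEN | UNAME | PLEN | PASSWD.
 * Returns the number of bytes written, or -1 on invalid input. */
static int build_userpass_request(uint8_t *buf, size_t buflen,
                                  const char *user, const char *pass)
{
    size_t ulen = strlen(user), plen = strlen(pass);
    if (ulen < 1 || ulen > AUTH_FIELD_MAX || plen < 1 || plen > AUTH_FIELD_MAX)
        return -1;
    if (buflen < 3 + ulen + plen)
        return -1;
    buf[0] = 0x01;                      /* sub-negotiation version */
    buf[1] = (uint8_t)ulen;
    memcpy(buf + 2, user, ulen);
    buf[2 + ulen] = (uint8_t)plen;
    memcpy(buf + 3 + ulen, pass, plen);
    return (int)(3 + ulen + plen);
}

int main(void)
{
    char user[AUTH_FIELD_MAX + 1];
    uint8_t msg[3 + 2 * AUTH_FIELD_MAX];
    /* Computed once at startup, so every stream from this process presents
     * the same credentials, while another process (or a later run that
     * reuses the pid) presents different ones. */
    if (isolation_username(user, sizeof(user), getpid(), time(NULL)) < 0)
        return 1;
    int n = build_userpass_request(msg, sizeof(msg), user, "0");
    if (n < 0)
        return 1;
    printf("username=%s, auth request is %d bytes\n", user, n);
    return 0;
}
```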