Opened 3 years ago

Last modified 2 years ago

#18157 new enhancement

Which hidden services am I running?

Reported by: cypherpunks Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs, tor-control, needs-spec
Cc: adrelanos Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Please create an easy way for the user to query the onion addresses currently run by the tor client, and their respective port mappings, using the control port.

To get the onion addresses from the control port, the user has to go through the data dump of "getinfo circuit-status", and try and locate the "REND_QUERY=" lines.

There is no way to see the assigned port mapping of those onion addresses using the control port.

The only available means is to log at debug level and look for the lines
[debug] rend_add_service(): Service maps port 80 to 127.0.0.1:8080

I think this is important to allow users to investigate what applications that use ADD_ONION and have access to the tor control port are doing exactly.
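
Added example, not part of the ticket and not Tor project code: the manual workaround described above (scanning "getinfo circuit-status" for REND_QUERY= and the debug log for rend_add_service() lines), written as a small parser. The sample reply and log lines are constructed, and the PURPOSE=HS_SERVICE_ filter, which separates services this tor hosts from onion services it merely visits, is taken from the control-port specification rather than from the ticket.

```python
import re

# Constructed sample data: fingerprints, circuit ids and onion addresses are made up.
FP = "$" + "A" * 40 + "~relay"
SAMPLE_CIRCUITS = "\n".join([
    f"4 BUILT {FP} BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL",
    f"7 BUILT {FP} PURPOSE=HS_SERVICE_INTRO HS_STATE=HSSI_ESTABLISHED REND_QUERY=aaaaaaaaaaaaaaaa",
    f"8 BUILT {FP} PURPOSE=HS_SERVICE_INTRO HS_STATE=HSSI_ESTABLISHED REND_QUERY=aaaaaaaaaaaaaaaa",
    f"9 BUILT {FP} PURPOSE=HS_CLIENT_REND HS_STATE=HSCR_JOINED REND_QUERY=bbbbbbbbbbbbbbbb",
    f"11 EXTENDED {FP} PURPOSE=HS_SERVICE_REND REND_QUERY=cccccccccccccccc",
])
SAMPLE_LOG = "\n".join([
    "Jan 27 10:00:01.000 [debug] rend_add_service(): Service maps port 80 to 127.0.0.1:8080",
    "Jan 27 10:00:01.000 [debug] unrelated_function(): noise",
    "Jan 27 10:00:02.000 [debug] rend_add_service(): Service maps port 443 to 127.0.0.1:8443",
])

def hosted_onions(circuit_status):
    """Onion addresses this tor is serving, from a circuit-status reply body."""
    found = set()
    for line in circuit_status.splitlines():
        # Each circuit line carries space-separated KEY=VALUE fields.
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        # HS_CLIENT_* circuits also carry REND_QUERY, but those are onions
        # being visited, not hosted, so only HS_SERVICE_* purposes count.
        if fields.get("PURPOSE", "").startswith("HS_SERVICE_") and "REND_QUERY" in fields:
            found.add(fields["REND_QUERY"] + ".onion")
    return sorted(found)

# Matches the debug line quoted in the ticket description.
PORT_MAP = re.compile(
    r"\[debug\] rend_add_service\(\): Service maps port (\d+) to (\S+)")

def port_mappings(log_text):
    """(virtual port, target) pairs from a debug-level tor log."""
    return [(int(m.group(1)), m.group(2)) for m in PORT_MAP.finditer(log_text)]

if __name__ == "__main__":
    print("hosted onions:", hosted_onions(SAMPLE_CIRCUITS))
    for virt, target in port_mappings(SAMPLE_LOG):
        print(f"port {virt} -> {target}")
```

The log line as quoted in the ticket does not name the onion address, so the port mappings cannot be tied to a specific service this way.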

Change History (13)

comment:1 Changed 3 years ago by cypherpunks

Component: - Select a component → Tor

comment:2 Changed 3 years ago by nickm

Milestone: Tor: 0.2.???

Seems worthwhile to me.

comment:3 Changed 3 years ago by dgoulet

Keywords: tor-hs added
Sponsor: SponsorR
Type: defect → enhancement

comment:4 Changed 3 years ago by yawning

Hm. The onions/current and onions/detached options could be extended to support this (both only list addresses and not port mappings at the moment). There probably should be a way to query "normal" non-ADD_ONION HSes as well...

By design, HSes created by ADD_ONION that belong to a particular control port instance (default behavior) are not visible to other control port connections. The rationale being that most apps have no business in knowing that other apps are running HSes. I would be moderately against changing this behavior without something like ACLs for the control port that doesn't involve running sketchy 3rd party filtering code.

comment:5 Changed 3 years ago by cypherpunks

> The rationale being that most apps have no business in knowing that other apps are running HSes.

I'm not against that, yes the other apps shouldn't know. I'm 100% for that. But, the human being running the tor client should know what her tor client is doing and if she is being exposed to the tor network unbeknownst to her, or if the "apps" are overreaching and running a backdoor into her server.

comment:6 in reply to:  5 Changed 3 years ago by yawning

Replying to cypherpunks:

>> The rationale being that most apps have no business in knowing that other apps are running HSes.
>
> I'm not against that, yes the other apps shouldn't know. I'm 100% for that. But, the human being running the tor client should know what her tor client is doing and if she is being exposed to the tor network unbeknownst to her, or if the "apps" are overreaching and running a backdoor into her server.

Can't limit control port commands on a per-consumer basis at the moment. Patches accepted. Till then, it's probably a good idea to assume that anything that has access to the control port can de-anonymize you (Technically speaking you could proxy the control port with a third party codebase like what Tails/Whonix/Myself do, but since that use case is rather non-standard, I'm still against changing what information is exposed for eph. Onion Services till something like ACLs exist).

comment:7 Changed 3 years ago by dgoulet

Sponsor: SponsorR → SponsorR-can

Move those from SponsorR to SponsorR-can.

comment:8 Changed 3 years ago by adrelanos

Cc: adrelanos added

comment:9 Changed 3 years ago by teor

Milestone: Tor: 0.2.??? → Tor: 0.3.???

Milestone renamed

comment:10 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.??? → Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:11 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:12 Changed 2 years ago by dgoulet

Keywords: tor-control added
Sponsor: SponsorR-can

comment:13 Changed 2 years ago by nickm

Keywords: needs-spec added