Opened 2 years ago
Last modified 12 months ago
#20337 new enhancement
Support abstract namespace AF_UNIX sockets.
Reported by: | yawning | Owned by: | |
---|---|---|---|
Priority: | Low | Milestone: | Tor: unspecified |
Component: | Core Tor/Tor | Version: | Tor: unspecified |
Severity: | Normal | Keywords: | linux, af-unix, tor-client unix-socket, intro |
Cc: | brade, mcs, richard@… | Actual Points: | |
Parent ID: | | Points: | 3 |
Reviewer: | | Sponsor: | |
Description
Linux has a notion of abstract AF_UNIX sockets. This should be supported both for the control and socks port, as they are convenient and useful, as long as they are used correctly.
Benefits:
- Easier to bundle. sun_path length limitations are dumb, being able to use an abstract identifier is simpler.
- No need to mess around with creating a directory, arguing over what permissions the directory and the socket file have.
- The socket goes away when the last reference to the socket is closed, removing the need to unlink it.
Downsides:
- There is no access control, at all. Primarily relevant for the ControlPort, but that has separate mechanisms for restricting access.
- Not wildly useful for sandboxes, since most sandboxing approaches will unshare/create a new IPC namespace.
- Non-portable.
(0.2.0.3-alpha was the first time we supported AF_UNIX at all)
Child Tickets
Change History (5)
comment:1 Changed 2 years ago by
Cc: | brade mcs added |
---|
comment:2 Changed 2 years ago by
comment:3 Changed 2 years ago by
Component: | Core Tor → Core Tor/Tor |
---|
comment:4 Changed 20 months ago by
Keywords: | linux af-unix tor-client unix-socket intro added |
---|---|
Points: | → 3 |
comment:5 Changed 12 months ago by
Cc: | richard@… added |
---|
This change will need to take the patch for #22794 into account when we get to this.
I'm a fan! Looks like it should be easy to support in Tor, and then the external applications can decide for themselves if it's the right answer for them.