Tor controllers should check the length of authentication-cookie files
Right now, our Tor controllers will send any file readable by the user to whatever is listening to the control port they try to connect to (usually 127.0.0.1:9051). This sucks. They should only send any file that is exactly 32 bytes long and readable by the user to whatever is listening on that port. (Hopefully no one stores AES-256, Salsa20, or Curve25519 secret keys (or other actually sensitive pieces of data) in raw 32-byte binary files.)
[[TicketQuery(parent=#4303 (closed),format=table,col=summary|owner)]]