On 2026/01/14 21:50, [email protected] wrote:
> You're right that other ports like net/tor have patches like that. But is 
> this a good enough reason to just copy and paste? My point was that there's 
> no *practical* benefit to set i2pd's working directory as /var/i2pd instead 
> of /var/lib/i2pd. On the contrary, there's a potential drawback, also on the 
> practical level: the risk of confusing some users. The trade-off here is 
> style and consistency on the one side vs. practicality on the other.

/var/lib isn't very openbsd-ish, is only used by 3 ports, and IIRC 
there's a backburner proposal to symlink /var/lib -> /var/db if we
can figure out how to get things moved out the way without breaking
updates too badly. So if we can get these files moved it would be a
good step on the way to that.

> You're right that the web interface definitely adds some attack surface. But 
> what's the threat model exactly? The web interface allows "any user on the 
> system", let's say a malicious user, to shut down the daemon, namely enables 
> a denial-of-service attack. This malicious user could also access private 
> information, like your router identity or the B32 addresses of your tunnels. 
> That's probably what you mean by "deanonymizing you"... But bear in mind that 
> "any user on the system" can easily get the machine's IP address anyway, 
> which is usually what you want to conceal. And even with the web interface 
> disabled, any local user could also access i2pd's configuration files, which 
> are world-readable by default and can include some private information 
> (encrypted LeaseSets keys in /etc/i2pd/tunnels.conf for example).

That sounds like a good argument to use mode 750 for /etc/i2pd.

> On the other hand, the web interface can be very useful to control and 
> monitor the i2pd daemon. It's impossible to know what proportion of i2pd 
> users rely on this feature, but my guess is that it is widely used, hence the 
> i2pd developers enabled it by default.
> 
> In any case, we can also add a note to the README warning users about the 
> risks associated with the web interface.

OpenBSD policy would usually be to disable potentially risky things
by default and let people enable them if they want rather than hope
they actually read pkg-readme (a lot of users seem not to).
