Bug#797335: tor: should open a Unix-domain SOCKSPort by default

Sat, 29 Aug 2015 09:30:37 -0700 

Package: tor
Version: 0.2.6.10-1
Severity: wishlist

There are various Debian programs that assume tor is running on port
9050, and send data to it.  This is inappropriate because the port can
be bound by any unprivileged user if tor is not running (or they can
crash it).  I'll file bugs separately for any programs I see doing this.

SOCKSPort supports Unix-domain sockets now.  The default torrc should
open one, to give programs a safe default.  E.g.,
  SOCKSPort unix:/var/run/tor-socks
Opening an extra TCP port below 1024 could be useful for programs with
no AF_LOCAL support.  I've been using 905.

- Michael


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64

Kernel: Linux 4.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages tor depends on:
ii  adduser              3.113+nmu3
ii  init-system-helpers  1.23
ii  libc6                2.19-19
ii  libevent-2.0-5       2.0.21-stable-2
ii  libseccomp2          2.2.3-1
ii  libssl1.0.0          1.0.2d-1
ii  libsystemd0          224-2
ii  lsb-base             4.1+Debian14
ii  zlib1g               1:1.2.8.dfsg-2+b1

Versions of packages tor recommends:
ii  logrotate    3.8.7-2
ii  tor-geoipdb  0.2.6.10-1
ii  torsocks     2.1.0-1

Versions of packages tor suggests:
pn  apparmor-utils       <none>
pn  mixmaster            <none>
ii  obfs4proxy           0.0.5-2
ii  obfsproxy            0.2.13-1
ii  socat                1.7.3.0-1
ii  tor-arm              1.4.5.0-1.1
ii  torbrowser-launcher  0.2.0-2

-- Configuration Files:
/etc/tor/torrc changed:
SocksPort 127.0.0.1:900 SessionGroup=900
SocksPort 127.0.0.1:901 SessionGroup=901
SocksPort 127.0.0.1:902 SessionGroup=902
SocksPort 127.0.0.1:903 SessionGroup=903
SocksPort 127.0.0.1:904 SessionGroup=904
SocksPort 127.0.0.1:905 SessionGroup=905
SocksPort 127.0.0.1:906 SessionGroup=906
SocksPort 127.0.0.1:907 SessionGroup=907
SocksPort 127.0.0.1:908 SessionGroup=908
SocksPort 127.0.0.1:909 SessionGroup=909
SocksPolicy accept 74.116.186.120/29
SocksPolicy accept 172.23.0.0/18
SocksPolicy accept 127.0.0.1/32
SocksPolicy reject *
HiddenServiceDir /var/lib/tor/hidden-ssh/
HiddenServicePort 22 127.0.0.1:22
HiddenServiceAuthorizeClient basic terra-mgold
ORPort 443
ORPort 143               # imap
ORPort 3690 NoAdvertise  # subversion
ORPort 8001 NoAdvertise
ORPort 389 NoAdvertise   # ldap
Address 74.116.186.120
Nickname terra
RelayBandwidthRate 75 KBytes
RelayBandwidthBurst 95 KBytes
ContactInfo 4096R/BA8239D3BD1DE48C
ExitPolicy reject *:* # no exits allowed


-- no debconf information

Attachment: signature.asc
Description: Digital signature

Reply via email to