Resent as apparently public libraries have smtp-eating proxies now.

----- Forwarded message from Joey Hess <i...@joeyh.name> -----

Date: Thu, 8 Dec 2016 12:43:59 -0400
From: Joey Hess <i...@joeyh.name>
To: Peter Palfrader <wea...@debian.org>
Cc: 846...@bugs.debian.org
Subject: Re: Bug#846275: provide a directory for hidden service socket files
User-Agent: NeoMutt/20161104 (1.7.1)

Peter Palfrader wrote:
> I do like the idea. Do you have any suggestions on naming it?

Well, the directory should only contain unix socket files for tor hidden
services, so something like /var/lib/tor_hidden_service_sockets?
(Path should not be too long due to the severe length limitations on
paths to unix sockets..)

> Do we want directory shared across all tor instances, or do we want a
> different one for every instance?

The only tor instance I am familiar with, aside from the system tor, is
torbrowser's instance. AFAIK the latter runs entirely as the user who
started the browser, and uses a separate tor directory tree in their
HOME, so system-wide directories are probably not useful to it.

The hidden service socket directory needs to be readable by debian-tor,
and by whatever set of users hidden services run as. That probably means
world readable. Each hidden service can have a subdirectory in it, which
need only to be readable by debian-tor and writable by the particular
user who runs the hidden service.

drwxr-xr-x root root       /var/lib/tor_hidden_service_sockets
drwxr-x--- joey debian-tor /var/lib/tor_hidden_service_sockets/joeyservice
-rw-r----- joey debian-tor /var/lib/tor_hidden_service_sockets/joeyservice/socket

If another instance of the system tor was run for some reason, as a
different user than debian-tor, it would thus not be able to access the
sockets for hidden services served by debian-tor. It could use the
/var/lib/tor_hidden_service_sockets directory in the same way with
subdirs for the hidden services it serves.

(Is it a problem that in this example user joey can now store data under
/var? Well, I can already write to /var/mail/joey, and to some nethack
bones files and of course to /var/tmp/. This would be the first time I
was able to write to files in /var/lib/ except indirectly via crontab -e.
It could be a concern if the admin enforces user disk quotas for /home,
but they should probably also have quotas on /var due to the other ways
for users to write there.)

> Should we actually ship the directory, or would it be sufficient to just
> make the apparmor and systemd restrictions allow that directory and have
> the admin create it when they need it?

Shipping the directory would be a good indication that this version of
tor supports it. Otherwise a hidden service installer would need to look
at version numbers or the apparmor config to guess. Also, shipping the
directory would let you pick the best permissions for it.

-- 
see shy jo

----- End forwarded message -----

-- 
see shy jo
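The directory layout and permission model proposed in the forwarded mail, turned into a small script that creates it and audits it. This is an added example, not code from the bug thread or from the Debian tor package; the function names, the "joeyservice" name and the optional owner/group arguments are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the bug thread): build and audit the socket
# directory layout described in the mail:
#   ROOT          drwxr-xr-x  world-traversable so any tor user can reach it
#   ROOT/SERVICE  drwxr-x---  service user owns it, tor's group can read it
#   socket files  no "other" bits at all
# Function names and the owner/group handling are assumptions.

# make_hs_socket_dir ROOT SERVICE [USER GROUP]
# mkdir -m sets the mode exactly, independent of the caller's umask.
# chown is only attempted when USER and GROUP are given, so the function
# can also be exercised unprivileged (e.g. in a scratch directory).
make_hs_socket_dir() {
    root=$1; service=$2; user=${3:-}; group=${4:-}
    mkdir -p -m 0755 "$root"
    mkdir -p -m 0750 "$root/$service"
    if [ -n "$user" ] && [ -n "$group" ]; then
        chown "$user:$group" "$root/$service"
    fi
}

# perm_bits PATH -> the 10-character mode field of ls -ld, e.g. drwxr-x---
perm_bits() {
    ls -ld "$1" | cut -c1-10
}

# check_hs_socket_dir ROOT SERVICE
# Returns 0 when the layout matches the model above, 1 on the first
# mismatch (printed to stdout so an admin sees what is wrong).
check_hs_socket_dir() {
    root=$1; service=$2
    case "$(perm_bits "$root")" in
        drwxr-xr-x) ;;
        *) echo "$root should be drwxr-xr-x, got $(perm_bits "$root")"; return 1 ;;
    esac
    case "$(perm_bits "$root/$service")" in
        drwxr-x---) ;;
        *) echo "$root/$service should be drwxr-x---, got $(perm_bits "$root/$service")"; return 1 ;;
    esac
    # Anything inside the service directory (the socket itself) must not
    # carry any permission bits for "other".
    for f in "$root/$service"/*; do
        [ -e "$f" ] || continue
        case "$(perm_bits "$f")" in
            ???????---) ;;
            *) echo "$f is accessible to other users: $(perm_bits "$f")"; return 1 ;;
        esac
    done
    return 0
}
```

As root one would call `make_hs_socket_dir /var/lib/tor_hidden_service_sockets joeyservice joey debian-tor` and then `check_hs_socket_dir /var/lib/tor_hidden_service_sockets joeyservice`; the checker deliberately inspects only mode bits, since the ownership part of the model (service user as owner, debian-tor as group) is what `chown` establishes and what AppArmor and systemd restrictions would be relaxed for.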