Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
This information is Copyright 2009 Sun Microsystems

1. Introduction
    1.1. Project/Component Working Name:
         Tor
    1.2. Name of Document Author/Supplier:
         Author: Wyllys Ingersoll
    1.3  Date of This Document:
         12 March, 2009

4. Technical Description

Description
-----------
This case proposes to deliver packages containing the Tor project software.

Tor (https://www.torproject.org) is software that lets one participate in a
network of virtual tunnels that allow people and groups to improve their
privacy and security on the internet. Tor provides the foundation for a range
of applications that allow organizations and individuals to share information
over public networks without compromising their privacy.

See this page for more details:
https://www.torproject.org/overview.html.en

Notes:
* Currently we are planning to deliver version 0.2.0.34
* Tor uses only TCP streams and can be used by any application with SOCKS
  support.
* Tor does NOT support IPv6 yet
  (https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#IPv6)
* Tor uses OpenSSL for key generation and for encrypting the data between
  relays. As it works fine with the OpenSSL currently in Solaris, there are
  no plans to change it to use PKCS11 or KMF.

Least Privilege/RBAC
--------------------
This project will deliver new authorizations to /etc/security/auth_attr
for managing the SMF services for starting and stopping the relay server:

    solaris.smf.value.tor:::Change tor value properties::
    solaris.smf.manage.tor:::Manage tor service states::

The following rights profile will be added to /etc/security/prof_attr:

    Tor Administration::::auths=solaris.smf.manage.tor,solaris.smf.value.tor

The following will be added to /etc/security/exec_attr:

    Tor Administration:solaris:cmd:::/usr/bin/tor:uid=daemon;gid=daemon;privs=basic
    Tor Administration:solaris:cmd:::/usr/bin/tor-gencert:uid=daemon;gid=daemon;privs=basic
    Tor Administration:solaris:cmd:::/usr/bin/tor-resolve:uid=daemon;gid=daemon;privs=basic

tor will run as uid/gid "daemon/daemon". It does not require special
privileges: it does not listen on privileged ports or access privileged data
or directories on the system.

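An added example (not part of the case materials or of the Tor project's code):
a small Python audit of exec_attr entries like the ones above, checking that
each command runs without a root identity and with only the basic privilege
set. It follows the exec_attr(4) layout, in which attributes are separated by
';'; the sample entries and the names parse_entry, audit_entry and audit are
constructed for illustration.

```python
# Added example: audit exec_attr(4) entries for least privilege.
# Field layout per exec_attr(4): name:policy:type:res1:res2:id:attr
# attr is a ';'-separated key=value list; privs values are ','-separated.

# Constructed sample: one well-formed entry modelled on this case, plus two
# constructed bad entries (wrong separator, root identity with extra privs).
SAMPLE = """\
Tor Administration:solaris:cmd:::/usr/bin/tor:uid=daemon;gid=daemon;privs=basic
Tor Administration:solaris:cmd:::/usr/bin/tor-resolve:uid=daemon,gid=daemon,privs=basic
Tor Administration:solaris:cmd:::/usr/bin/tor-gencert:uid=0;privs=basic,net_privaddr
"""

ROOT_IDS = {"0", "root"}
ID_KEYS = ("uid", "euid", "gid", "egid")

def parse_entry(line):
    """Split one exec_attr line into its fields and an attribute dict."""
    fields = line.split(":", 6)
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated fields: %r" % line)
    name, policy, typ, _res1, _res2, path, attr = fields
    attrs = {}
    for pair in filter(None, attr.split(";")):
        key, _, value = pair.partition("=")
        attrs[key.strip()] = value.strip()
    return {"profile": name, "policy": policy, "type": typ,
            "id": path, "attrs": attrs}

def audit_entry(entry):
    """Return a list of least-privilege findings for one parsed entry."""
    findings = []
    for key, value in entry["attrs"].items():
        if "=" in value:  # another key=value swallowed into this value
            findings.append(f"{key}: attributes joined with ',' (separator is ';')")
        elif key in ID_KEYS and value in ROOT_IDS:
            findings.append(f"{key}={value}: runs with a root identity")
        elif key == "privs":
            extra = [p for p in value.split(",") if p != "basic"]
            if extra:
                findings.append("privs beyond basic: " + ",".join(extra))
    return findings

def audit(text):
    """Map each command path to its findings (empty list means clean)."""
    entries = [parse_entry(l) for l in text.splitlines()
               if l.strip() and not l.startswith("#")]
    return {e["id"]: audit_entry(e) for e in entries}

if __name__ == "__main__":
    for path, findings in audit(SAMPLE).items():
        print(path, "OK" if not findings else findings)
```
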
SMF
---
This project will deliver an SMF manifest and script that will allow
the tor relay daemon to be restarted via SMF.

The SMF service will be:

    svc:/application/security/tor:default (Tor Relay Daemon)

Zones
-----
Tor can (and probably should) be run in a local zone with no restrictions
other than the fact that it needs a working network interface.

There is no technical reason why it would NOT work in a TX zone, though
that configuration has not been tested.

Auditing
--------
Tor does not make access control decisions and is not an administrative
tool that requires BSM auditing.

Configuration
-------------
Tor is an open source project and has an existing configuration system that
relies on a text-based configuration file. An example config file will be
delivered in /etc/security/torrc.sample. We do not plan to put any of the
Tor configuration settings into SMF because we do not want to deviate from
the upstream provider if at all possible.

The configuration file contains a long list of options for configuring the
ports and interfaces that the relay will listen to as well as other details
such as logging levels, configuring "hidden" services (see
https://www.torproject.org/hidden-services.html.en for a detailed description
of the hidden service protocol), and limiting the bandwidth that the relay
will use.

The sample configuration file must be manually edited by the administrator
and copied to /etc/security/torrc in order to be used. This forces the
administrator to know and acknowledge the features that are being enabled
rather than just blindly turning it on.

The upstream Tor community is fairly active and releases updates several
times each year. Making Solaris-specific changes (such as putting config
options in an SMF profile) will make it harder to keep up with the community
and resync with the current releases.

Packaging Modifications
-----------------------
    SUNWtor         Tor software for userland
    SUNWtor-root    Tor software for Root filesystem

Deliverables
------------
    /usr/bin/tor                    SFW    Uncommitted
    /usr/bin/tor-resolve            SFW    Uncommitted
    /usr/bin/tor-gencert            SFW    Uncommitted
    /etc/security/torrc.sample      SFW    Uncommitted
    /usr/share/tor/geoip            SFW    Uncommitted
    /usr/man/man1/tor.1             SFW    Uncommitted
    /usr/man/man1/tor-resolve.1     SFW    Uncommitted
    /usr/man/man1/tor-gencert.1     SFW    Uncommitted

Details
-------
tor is the main daemon process that is started by the "tor" SMF profile.

tor-resolve is a script to connect to a SOCKS proxy that knows about the
SOCKS RESOLVE command, hand it a hostname, and return an IP address.

tor-gencert generates certificates and private keys for use by Tor directory
authorities running the v3 Tor directory protocol, as used by Tor 0.2.0 and
later. If you are not running a directory authority, you don't need to use
tor-gencert. tor-gencert generates 3 files that the user must then copy to
the "keys" subdirectory (/var/lib/tor/keys): "authority_identity_key",
"authority_signing_key" and "authority_certificate".

geoip is an ASCII-based database of IP-to-Country name mappings. It is not
intended to be edited by users.

OpenSource
----------
OSR Review:
    9954  (approved - Tor version 0.2.0.30)
    11364 (pending expedited review - Tor version 0.2.0.34)

Tor Project: https://www.torproject.org
Tor Wiki:    https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ

Release Taxonomy: Micro/Patch

6. Resources and Schedule
    6.4. Steering Committee requested information
        6.4.1. Consolidation C-team Name:
               SFW
    6.5. ARC review type: FastTrack
    6.6. ARC Exposure: open