On Sat, 29 Aug 2015, Michael Gold wrote:

> I tried to use this option:
>   SocksPort unix:/var/run/tor-socks
> (And also one in a directory owned by the Tor user with mode 0755.)
>
> But Tor refuses to create the socket:
>   [warn] Before Tor can create a SOCKS socket in "/var/run/tor-socks",
>   the directory "/var/run" needs to exist, and to be accessible only
>   by the user and group account that is running Tor. (On some Unix
>   systems, anybody who can list a socket can connect to it, so Tor is
>   being careful.)
>
> The point of the socket was to allow access by other users. I don't see
> a reason to restrict Unix SOCKS ports this way, since the TCP ports are
> already accessible by all. The Unix port could be more secure, because
> Tor could get the uid of the client and enforce isolation between users.
> This seems like a leftover ControlSocket restriction.

I tend to agree. Do you want to file a ticket upstream at
https://trac.torproject.org/? If not, I can forward it.

-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/
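
An added example, not part of the original messages and not Tor's code: on Linux, a server listening on a Unix socket can read the connecting client's uid with SO_PEERCRED, which is the capability the quoted report refers to when it says Tor could get the uid of the client. The temporary socket path and the `isolation_key` policy are hypothetical.

```python
import os
import socket
import struct
import tempfile


def peer_credentials(conn):
    """Return (pid, uid, gid) of the peer on a connected Unix socket (Linux only)."""
    # struct ucred is three native ints: pid, uid, gid.
    size = struct.calcsize("3i")
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size)
    return struct.unpack("3i", raw)


def isolation_key(conn):
    """Hypothetical policy: one isolation bucket per connecting uid."""
    _pid, uid, _gid = peer_credentials(conn)
    return f"uid:{uid}"


def demo():
    """Bind a world-connectable socket, connect to it, and identify the client."""
    with tempfile.TemporaryDirectory() as directory:
        path = os.path.join(directory, "socks")  # constructed path, not Tor's
        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(path)
        # Any local user may connect, like a TCP SocksPort; the kernel still
        # records who each client is, which TCP cannot offer.
        os.chmod(path, 0o666)
        server.listen(1)
        client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        client.connect(path)
        conn, _ = server.accept()
        try:
            return peer_credentials(conn), isolation_key(conn)
        finally:
            conn.close()
            client.close()
            server.close()


if __name__ == "__main__":
    creds, key = demo()
    print("peer (pid, uid, gid):", creds, "isolation key:", key)
```

The credentials are those the client held when it called connect(), as recorded by the kernel, so the client cannot spoof them in the SOCKS handshake.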