On Tue, 29 Nov 2016, Joey Hess wrote:
> When running a tor hidden service, it's desirable to run it as a
> different user than debian-tor, and it's safer to use a unix socket than
> it is to run the hidden service on a localhost port. However, when a unix
> socket file is used for communication between tor and the hidden
> service, there is no good location to put it in. I suggest providing
> such a location.
> I suggest that the Debian tor package include a world-readable
> directory, which tor is allowed to access by its apparmor config and any
> other things used to lock it down. Subdirectories can then be
> added as needed to contain hidden service unix sockets, etc.
So, maybe I'm doing something wrong, but I have configured a hidden
service socket in /var/lib/bla/sock, and I can access it just fine
without listing that directory in either the apparmor nor the systemd
service file.
It seems like connect() is not governed by the usual file level
restrictions imposed by systemd and apparmor.
If that is indeed the case, then the admin is free to create listening
sockets in /var as they please, and have e.g. a webfu socket in
/var/lib/webfu.
Do we need to specify a directory by the Tor package infrastructure if
neither the apparmor nor the systemd service files require modification?
Or am I missing something here?
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `- https://www.debian.org/
