List: secure-desktops
Subject: [Secure Desktops] roflcoptor as Tor control port filter
From: sajolida <sajolida () pimienta ! org>
Date: 2016-06-23 10:45:47
Message-ID: 576BBDDB.5050205 () pimienta ! org
dawuud:
> ROFLCopTor aims to be an exhaustive Tor control port filter daemon written in
> golang.
> https://github.com/subgraph/roflcoptor
>
> maintainer: David Stainton
>
> The Tor control port exposes powerful functionality, much more authority than most
> applications need when they talk to the Tor control port. In accordance with the
> principle of least authority [1] each software module would ideally have authority
> over only the resources needed to perform its tasks. Here in the context of
> ROFLCopTor, we seek to eliminate excess authority from applications which utilize
> the Tor control port, therefore they will not be in the debian-tor group or
> otherwise have access to the tor control port UNIX domain socket or TCP listener.
> The only available access to the tor control port being via ROFLCoptor which
> exposes a TCP listener and/or a UNIX domain socket. Applications can be allowed to
> authenticate with ROFLCoptor but this isn't necessary because the filtration policy
> is applied based on the client application's exec path which is discovered by
> matching the socket inode via the Linux proc filesystem.
Hi David,
I'm moving the thread from tor-dev to desktops@secure-os.org as I think
this should be a cross-project discussion.
At Tails we have a very primitive Tor control port filter but want
something better.
Is it the successor of or-ctl-sieve that you mentioned to me in IFF?
Is this already in use in Subgraph? Elsewhere?
Is it in Debian?
Do you think we should use it in Tails?
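
The lookup described in the quoted announcement (finding a client's exec path by matching its socket inode through the Linux proc filesystem), as an added Go example. It is not roflcoptor's code and not part of the original message; the function names, the endpoints in main and the IPv4-over-loopback handling are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
	"os"
	"path/filepath"
	"strings"
)

// procAddr renders a valid IPv4 address and port as /proc/net/tcp prints them:
// address bytes as a little-endian hex word, then the port in hex.
func procAddr(ip string, port int) string {
	return fmt.Sprintf("%08X:%04X", binary.LittleEndian.Uint32(net.ParseIP(ip).To4()), port)
}

// socketInode returns the inode of the established (st == 01) connection whose
// local end is the client and whose remote end is the filter's listener.
func socketInode(procNetTCP, client, listener string) (string, bool) {
	for _, line := range strings.Split(procNetTCP, "\n")[1:] { // [1:] skips the header
		f := strings.Fields(line)
		if len(f) >= 10 && f[1] == client && f[2] == listener && f[3] == "01" {
			return f[9], true
		}
	}
	return "", false
}

// exePathForInode returns the exec path of the first process under procRoot
// holding socket:[inode]. An inherited socket can be held by several processes.
func exePathForInode(procRoot, inode string) (string, error) {
	fds, _ := filepath.Glob(filepath.Join(procRoot, "[0-9]*", "fd", "*"))
	for _, fd := range fds {
		if target, err := os.Readlink(fd); err == nil && target == "socket:["+inode+"]" {
			return os.Readlink(filepath.Join(filepath.Dir(filepath.Dir(fd)), "exe"))
		}
	}
	return "", fmt.Errorf("no process holds socket inode %s", inode)
}

func main() {
	// Constructed endpoints: client at 127.0.0.1:40000, filter listening on 127.0.0.1:9051.
	tcp, _ := os.ReadFile("/proc/net/tcp")
	inode, ok := socketInode(string(tcp), procAddr("127.0.0.1", 40000), procAddr("127.0.0.1", 9051))
	exe, err := exePathForInode("/proc", inode)
	fmt.Println(exe, ok, err)
}
```

Reading another user's /proc/PID/fd entries requires sufficient privilege, and the result is only meaningful for clients on the same host and in the same PID namespace as the filter.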