unofficial mirror of guix-patches@gnu.org 
* [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
@ 2021-03-15 11:15 raid5atemyhomework via Guix-patches via
  2021-03-15 16:35 ` Maxime Devos
  2022-12-27 11:52 ` Jean Pierre De Jesus DIAZ via Guix-patches via
  0 siblings, 2 replies; 9+ messages in thread
From: raid5atemyhomework via Guix-patches via @ 2021-03-15 11:15 UTC (permalink / raw)
  To: 47155

Currently, if you set DataDirectoryGroupReadable 1 in your torrc, it will be respected only if tor is started up.  If you reconfigure your OS without restarting the tor service, the directory permissions are reset due to the activation code being re-run and resetting the directory permissions.

This change simply does not chmod if the directory already exists.


Thanks
raid5atemyhomework


From d6037c59e642eaafebe43996e7419e1b58fee616 Mon Sep 17 00:00:00 2001
From: raid5atemyhomework <raid5atemyhomework@protonmail.com>
Date: Mon, 15 Mar 2021 19:10:01 +0800
Subject: [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.

* gnu/services/networking.scm (tor-activation): Do not change permissions
of tor data directory if it already exists.
---
 gnu/services/networking.scm | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 231a9f66c7..65d2d39f0b 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -881,10 +881,16 @@ HiddenServicePort ~a ~a~%"
       ;; of the "tor" group will be able to use the SOCKS socket.
       (chmod "/var/run/tor" #o750)

-      ;; Allow Tor to access the hidden services' directories.
-      (mkdir-p "/var/lib/tor")
+      ;; If the directory already exists, do not chmod it again; the user
+      ;; might have set "DataDirectoryGroupReadable 1" in the torrc.
+      ;; Without this check, a `guix system reconfigure` will cause the
+      ;; directory to lose group permissions until Tor is restarted, even
+      ;; if changes to the operating-system were unrelated to Tor.
+      (unless (file-exists? "/var/lib/tor")
+        (mkdir-p "/var/lib/tor")
+        ;; Allow only Tor and root to access the hidden services' directories.
+        (chmod "/var/lib/tor" #o700))
       (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
-      (chmod "/var/lib/tor" #o700)

       ;; Make sure /var/lib is accessible to the 'tor' user.
       (chmod "/var/lib" #o755)
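Review bot: the guard `(unless (file-exists? "/var/lib/tor") ...)` makes the directory mode depend on the machine's history rather than on the declared configuration: a directory that already exists with looser bits (for example 0755 left behind by an earlier setup) is never tightened by a later reconfigure, and `file-exists?` is also satisfied by a non-directory at that path, a case `mkdir-p` would otherwise have reported. Deriving the mode from a configuration field keeps activation idempotent and keeps the declared system and the on-disk permissions in agreement, which is what `guix system reconfigure` is supposed to guarantee.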
--
2.30.2





^ permalink raw reply related	[flat|nested] 9+ messages in thread

* [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
  2021-03-15 11:15 [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor raid5atemyhomework via Guix-patches via
@ 2021-03-15 16:35 ` Maxime Devos
  2021-03-15 23:42   ` raid5atemyhomework via Guix-patches via
  2021-03-27  6:37   ` raid5atemyhomework via Guix-patches via
  2022-12-27 11:52 ` Jean Pierre De Jesus DIAZ via Guix-patches via
  1 sibling, 2 replies; 9+ messages in thread
From: Maxime Devos @ 2021-03-15 16:35 UTC (permalink / raw)
  To: raid5atemyhomework, 47155


On Mon, 2021-03-15 at 11:15 +0000, raid5atemyhomework via Guix-patches via wrote:
> Currently, if you set DataDirectoryGroupReadable 1 in your torrc,

What are the reasons for setting DataDirectoryGroupReadable 1?

>  it will be respected only if tor is started up.

IIUC, tor will adjust the permissions of the directory to make it
group readable (while Guix' activation code creates the directory
group-unreadable).

>  If you reconfigure your OS without restarting the tor service,
>  the directory permissions are reset due to the activation code being
>  re-run and resetting the directory permissions.
> 
> This change simply does not chmod if the directory already exists.

I believe it would be more transparent to introduce a
(data-directory-group-readable? #t/#f), with #f as default,
to tor-configuration (adjusting tor-configuration->torrc)
and change the permission bits passed to chmod appropriately.

(Documentation & reproducible system configuration & one integrated
system (in the software sense) and all that)

Greetings,
Maxime.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
  2021-03-15 16:35 ` Maxime Devos
@ 2021-03-15 23:42   ` raid5atemyhomework via Guix-patches via
  2021-03-27  6:37   ` raid5atemyhomework via Guix-patches via
  1 sibling, 0 replies; 9+ messages in thread
From: raid5atemyhomework via Guix-patches via @ 2021-03-15 23:42 UTC (permalink / raw)
  To: Maxime Devos; +Cc: 47155@debbugs.gnu.org



> On Mon, 2021-03-15 at 11:15 +0000, raid5atemyhomework via Guix-patches via wrote:
>
> > Currently, if you set DataDirectoryGroupReadable 1 in your torrc,
>
> What are the reasons for setting DataDirectoryGroupReadable 1?
>

When using cookie-based authentication, the cookie file is traditionally placed in the data directory.  If the directory is not accessible from group, then only the `tor` user can access the cookie and control `tor`.  With this option, the cookie can be accessed by members of the `tor` group.

> > it will be respected only if tor is started up.
>
> IIUC, tor will adjust the permissions of the directory to make it
> group readable (while Guix' activation code creates the directory
> group-unreadable).

Correct.  However, when doing a `guix system reconfigure`, the activation code will be called again, which changes the directory back to group unreadable, without restarting tor.  `tor` itself will only set the permissions when it starts up, and will ignore the permissions while running.

>
> > If you reconfigure your OS without restarting the tor service,
> > the directory permissions are reset due to the activation code being
> > re-run and resetting the directory permissions.
> > This change simply does not chmod if the directory already exists.
>
> I believe it would be more transparent to introduce a
> (data-directory-group-readable? #t/#f), with #f as default,
> to tor-configuration (adjusting tor-configuration->torrc)
> and change the permission bits passed to chmod appropriately.
>
> (Documentation & reproducible system configuration & one integrated
> system (in the software sense) and all that)

Possibly.

Thanks
raid5atemyhomework




^ permalink raw reply	[flat|nested] 9+ messages in thread

* [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
  2021-03-15 16:35 ` Maxime Devos
  2021-03-15 23:42   ` raid5atemyhomework via Guix-patches via
@ 2021-03-27  6:37   ` raid5atemyhomework via Guix-patches via
  2021-03-27  9:45     ` Maxime Devos
  1 sibling, 1 reply; 9+ messages in thread
From: raid5atemyhomework via Guix-patches via @ 2021-03-27  6:37 UTC (permalink / raw)
  To: Maxime Devos; +Cc: 47155@debbugs.gnu.org


> > If you reconfigure your OS without restarting the tor service,
> > the directory permissions are reset due to the activation code being
> > re-run and resetting the directory permissions.
> > This change simply does not chmod if the directory already exists.
>
> I believe it would be more transparent to introduce a
> (data-directory-group-readable? #t/#f), with #f as default,
> to tor-configuration (adjusting tor-configuration->torrc)
> and change the permission bits passed to chmod appropriately.
>
> (Documentation & reproducible system configuration & one integrated
> system (in the software sense) and all that)


But really though, the primary reason for this is to use the "cookie" authentication scheme with a control port on 9051.  This is supported by most daemons, as the "control unix socket" (that is currently supported by the `control-socket?` option) seems to be relatively new (Tor 0.2.7.1).

This requires adding:

    ControlPort 9051
    CookieAuthentication 1
    CookieAuthFileGroupReadable 1
    DataDirectoryGroupReadable 1

In https://issues.guix.gnu.org/46549, which implements `control-socket?`, the author expressed doubt as to the safety of this mechanism.  Looking at the Tor manpage regarding `ControlPort`:

```
Note: unless you also specify one or more of HashedControlPassword or CookieAuthentication, setting this option will cause Tor to allow any process on the local
host to control it. (Setting both authentication methods means either method is sufficient to authenticate to Tor.) This option is required for many Tor controllers; most use
the value of 9051.
```

Basically, this is safe as long as you use *either* `HashedControlPassword` *or* `CookieAuthentication` *or* both; in the case of `CookieAuthentication` only users with read access to the cookie file can access it.  Nearly every daemon that needs control access over Tor (usually to set up their own hidden service using their own privkey) expects `CookieAuthentication` and reads from `/var/lib/tor/control_auth_cookie`, which requires that `/var/lib/tor` be readable (else it can't look up the filename).  It becomes just as safe as the control-unix-socket option, as that is similarly gated by file permissions.

Note in particular that Bitcoin Core supports `ControlPort` and not `ControlSocket`, so this is needed for Bitcoin Core support.  From what I can see more daemons support `ControlPort` than `ControlSocket`.


Thanks
raid5atemyhomework


From d9bea7635594654e1e631e4db55422c511f0220a Mon Sep 17 00:00:00 2001
From: raid5atemyhomework <raid5atemyhomework@protonmail.com>
Date: Sat, 27 Mar 2021 14:29:31 +0800
Subject: [PATCH] gnu: Add 'control-port?' setting to Tor.

* gnu/services/networking.scm (tor-configuration): Add `control-port?` field.
(tor-configuration->torrc): Support `control-port?` field.
(tor-activation): Allow group access to data directory if `control-port?`.
* doc/guix.texi (Networking Services)[Tor]: Describe new `control-port?` field.
---
 doc/guix.texi               | 13 +++++++++++++
 gnu/services/networking.scm | 24 +++++++++++++++++++++---
 2 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index c23d044ff5..a9c8f930be 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -87,6 +87,7 @@ Copyright @copyright{} 2020 Daniel Brooks@*
 Copyright @copyright{} 2020 John Soo@*
 Copyright @copyright{} 2020 Jonathan Brielmaier@*
 Copyright @copyright{} 2020 Edgar Vincent@*
+Copyright @copyright{} 2021 raid5atemyhomework@*

 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -16676,6 +16677,18 @@ If @code{#t}, Tor will listen for control commands on the UNIX domain socket
 @file{/var/run/tor/control-sock}, which will be made writable by members of the
 @code{tor} group.

+@item @code{control-port?} (default: @code{#f})
+Whether or not to provide a ``control port'' by which Tor can be controlled
+to, for instance, dynamically instantiate tor onion services.  This is more
+commonly supported by Tor controllers than using a UNIX domain socket as
+above.  If @code{#t}, Tor will listen for authenticated control commands over
+the control port 9051.  In order to authenticate to this port, Tor controllers
+need to read the cookie file at @file{/var/lib/tor/control_auth_cookie}, which
+will be made readable by members of the @code{tor} group.
+
+This can be set to a number instead, which will make Tor listen for control
+commands over the specified port number rather than the default 9051.
+
 @end table
 @end deftp

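Review bot: the new `@item @code{control-port?}` text should state the trust boundary the port creates. The manpage passage quoted earlier in this thread says a ControlPort is reachable by any process on the local host and that only the authentication directives gate it, so the documentation should say that the cookie being readable by the `tor` group means every member of that group (which the existing activation code already lets use the SOCKS socket) can issue any controller command, including reconfiguring Tor. It also says a number may be given but not what is accepted; saying it must be a TCP port, used verbatim in the generated torrc, would save users a surprise at Tor start-up.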
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 231a9f66c7..a4fbeaadfe 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -747,7 +747,9 @@ demand.")))
   (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
                      (default 'tcp))
   (control-socket?  tor-control-socket-path
-                    (default #f)))
+                    (default #f))
+  (control-port?    tor-control-port?
+                    (default #f))) ; #f | #t | number

 (define %tor-accounts
   ;; User account and groups for Tor.
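Review bot: the field name `control-port?` carries the `?` suffix that marks booleans elsewhere in this record, yet the comment `; #f | #t | number` says it also takes a port number, and nothing validates that such a number is a usable TCP port before it is spliced into the torrc. A separate `control-port` field (or a sanitizer on this one) would make a bad value fail at `guix system build` rather than when Tor parses its configuration, and would leave `control-port?` a plain boolean.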
@@ -770,7 +772,8 @@ demand.")))
   "Return a 'torrc' file for CONFIG."
   (match config
     (($ <tor-configuration> tor config-file services
-                            socks-socket-type control-socket?)
+                            socks-socket-type control-socket?
+                            control-port?)
      (computed-file
       "torrc"
       (with-imported-modules '((guix build utils))
@@ -795,6 +798,16 @@ UnixSocksGroupWritable 1\n" port))
 ControlSocket unix:/var/run/tor/control-sock GroupWritable RelaxDirModeCheck
 ControlSocketsGroupWritable 1\n"
                            port))
+                (when #$control-port?
+                  (format port
+                          "\
+ControlPort ~a
+CookieAuthentication 1
+CookieAuthFileGroupReadable 1
+DataDirectoryGroupReadable 1\n"
+                          #$(if (eq? control-port? #t)
+                                9051
+                                control-port?)))

                 (for-each (match-lambda
                             ((service (ports hosts) ...)
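Review bot: the `(when #$control-port? ...)` block ties `CookieAuthentication 1` to the TCP port only, while the `ControlSocket` branch in the context just above it still emits no authentication directive; CookieAuthentication applies to both control interfaces, so emitting it (together with `CookieAuthFileGroupReadable` and `DataDirectoryGroupReadable`) whenever any control interface is enabled, with the port number as its own field, would be cleaner than special-casing the port. A comment is also warranted that `CookieAuthFileGroupReadable 1` makes cookie possession, and therefore full control of the daemon, a property of `tor` group membership.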
@@ -884,7 +897,12 @@ HiddenServicePort ~a ~a~%"
       ;; Allow Tor to access the hidden services' directories.
       (mkdir-p "/var/lib/tor")
       (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
-      (chmod "/var/lib/tor" #o700)
+      ;; Allow Tor controllers to access the cookie file if control-port?
+      ;; By default this is where Tor puts the cookie file, and most Tor
+      ;; controllers expect this file location (and not on `/var/run/tor`).
+      (chmod "/var/lib/tor" #$(if (tor-control-port? config)
+                                  #o750
+                                  #o700))

       ;; Make sure /var/lib is accessible to the 'tor' user.
       (chmod "/var/lib" #o755)
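Review bot: deriving the mode from `(tor-control-port? config)` fixes the idempotence problem from the original report (a reconfigure now re-applies the declared mode, and switching the field back to `#f` tightens the directory again), but the comment should also say what 0750 exposes: the context line above notes that this is where the hidden services' directories live, so `tor` group members can now list them, and whether they can read the keys inside depends on each subdirectory's own mode, which this hunk does not set. One sentence stating that trade-off next to the `chmod` would help future readers.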
--
2.31.0





^ permalink raw reply related	[flat|nested] 9+ messages in thread
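Added example, not part of the thread and not Guix's or Tor's own code: a Python check covering the two points the messages above turn on, namely the torrc directives that make a ControlPort safe to expose on the local host (the manpage note quoted above) and the /var/lib/tor mode that the activation code must keep in step with DataDirectoryGroupReadable (the regression in the first message). The torrc parser is a simplification of Tor's real syntax, the sample torrcs are constructed, and the permission check replays the reset on a temporary directory instead of touching /var/lib/tor; the expected-mode rule (0750 when the tor group must reach the cookie, else 0700) is the one the revised patch encodes.

```python
"""Audit the ControlPort / cookie-authentication settings discussed in this
thread.  Added example, not Guix's or Tor's own code.  It assumes a plain
torrc layout: one "Directive value" per line, with '#' starting a comment."""
import os
import stat
import tempfile

INSECURE, INCONSISTENT = "insecure", "inconsistent"


def parse_torrc(text):
    """Map lowercased directive names to the values seen, in file order.
    Tor treats names case-insensitively and uses the last value of a
    single-valued option, so callers read values[-1]."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        directives.setdefault(parts[0].lower(), []).append(value)
    return directives


def _flag(directives, name):
    """True when the last occurrence of a 0/1 directive is "1"."""
    return directives.get(name, ["0"])[-1] == "1"


def audit_control_access(directives):
    """Return (severity, message) findings about the control interface.
    The insecure case is the one the quoted manpage warns about: a control
    interface with neither CookieAuthentication nor HashedControlPassword.
    The inconsistent case is a group-readable cookie inside a data directory
    that the tor group cannot traverse."""
    findings = []
    has_port = any(v != "0" for v in directives.get("controlport", []))
    has_socket = "controlsocket" in directives
    if not (has_port or has_socket):
        return findings
    cookie = _flag(directives, "cookieauthentication")
    password = "hashedcontrolpassword" in directives
    if not (cookie or password):
        findings.append((INSECURE, "control interface without CookieAuthentication "
                         "or HashedControlPassword: any local process can control Tor"))
    elif (cookie and _flag(directives, "cookieauthfilegroupreadable")
          and not _flag(directives, "datadirectorygroupreadable")):
        findings.append((INCONSISTENT, "cookie is group-readable but DataDirectoryGroupReadable "
                         "is 0, so tor-group controllers cannot reach it"))
    return findings


def expected_datadir_mode(directives):
    """Mode activation should give /var/lib/tor for this torrc: 0750 when the
    tor group must reach the cookie, else 0700 (the revised patch's rule)."""
    return 0o750 if _flag(directives, "datadirectorygroupreadable") else 0o700


def datadir_mode_matches(path, directives):
    """True when PATH's permission bits equal what the torrc calls for."""
    return stat.S_IMODE(os.stat(path).st_mode) == expected_datadir_mode(directives)


# Constructed sample torrcs (not taken from any real host).
TORRC_COOKIE = """\
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
DataDirectoryGroupReadable 1
"""
TORRC_OPEN = """\
# no authentication directive at all
ControlPort 9051
"""


def reproduce_permission_reset():
    """Replay the bug report on a temporary directory: apply the mode the
    torrc expects (what Tor sets at start-up), then run the unconditional
    chmod 0700 of the old activation code.  Returns (ok_before, ok_after)."""
    directives = parse_torrc(TORRC_COOKIE)
    path = tempfile.mkdtemp(prefix="tor-datadir-")
    try:
        os.chmod(path, expected_datadir_mode(directives))
        before = datadir_mode_matches(path, directives)
        os.chmod(path, 0o700)  # the pre-patch activation step
        after = datadir_mode_matches(path, directives)
    finally:
        os.rmdir(path)
    return before, after


if __name__ == "__main__":
    for name, text in (("cookie", TORRC_COOKIE), ("open", TORRC_OPEN)):
        print(name, audit_control_access(parse_torrc(text)) or "no findings")
    print("mode ok before/after reset:", reproduce_permission_reset())
```

As a post-reconfigure check on a real system, point `datadir_mode_matches` at the deployed data directory with the deployed torrc; a `False` result is exactly the silent 0700 reset the first message describes, and `audit_control_access` run over the generated torrc confirms that the port is never emitted without an authentication directive.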

* [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
  2021-03-27  6:37   ` raid5atemyhomework via Guix-patches via
@ 2021-03-27  9:45     ` Maxime Devos
  2021-03-27 11:06       ` raid5atemyhomework via Guix-patches via
  0 siblings, 1 reply; 9+ messages in thread
From: Maxime Devos @ 2021-03-27  9:45 UTC (permalink / raw)
  To: raid5atemyhomework; +Cc: 47155@debbugs.gnu.org


On Sat, 2021-03-27 at 06:37 +0000, raid5atemyhomework wrote:
> > > If you reconfigure your OS without restarting the tor service,
> > > the directory permissions are reset due to the activation code being
> > > re-run and resetting the directory permissions.
> > > This change simply does not chmod if the directory already exists.
> > 
> > I believe it would be more transparent to introduce a
> > (data-directory-group-readable? #t/#f), with #f as default,
> > to tor-configuration (adjusting tor-configuration->torrc)
> > and change the permission bits passed to chmod appropriately.
> > 
> > (Documentation & reproducible system configuration & one integrated
> > system (in the software sense) and all that)
> 
> But really though, the primary reason for this is to use the "cookie"
> authentication scheme with a control port on 9051.  This is supported
> by most daemons, as the "control unix socket" (that is currently supported
> by `control-socket?` option) seems to be relatively new (Tor 0.2.7.1).
> 
> This requires adding:
> 
>     ControlPort 9051
>     CookieAuthentication 1
>     CookieAuthFileGroupReadable 1
>     DataDirectoryGroupReadable 1
> 
> In https://issues.guix.gnu.org/46549 which implements `control-socket?` the
> author expressed doubt as to the safety of this mechanism.  Looking at the Tor
>  manpage regarding `ControlPort`:
> 
> ```
> Note: unless you also specify one or more of HashedControlPassword or CookieAuthentication,
> setting this option will cause Tor to allow any process on the local
> host to control it. (Setting both authentication methods means either method is sufficient
> to authenticate to Tor.) This option is required for many Tor controllers; most use
> the value of 9051.
> ```
> 
> Basically, this is safe as long as you use *either* `HashedControlPassword` *or*
> `CookieAuthentication` *or* both; in the case of `CookieAuthentication` only users
> with read access to the cookie file can access it.  Nearly every daemon that needs
> control access over Tor (usually to set up their own hidden service using their own
> privkey) expects `CookieAuthentication` and reads from `/var/lib/tor/control_auth-_cookie`,
> which requires that `/var/lib/tor` be readable (else it can't look up the filename).  It
> becomes just as safe as the control-unix-socket option, as that is similarly gated by
> file permissions.

I believe this addresses the security concerns Christopher Lemmer Webber had.

> Note in particular that Bitcoin Core supports `ControlPort` and not `ControlSocket`, so
> this is needed for Bitcoin Core support.  From what I can see more daemons support
> `ControlPort` than `ControlSocket`.

Ok, but take a look at
<https://gitlab.torproject.org/legacy/trac/-/wikis/doc/bitcoin>.
Maybe it's out of date though: <https://blog.torproject.org/tor-heart-cryptocurrencies>

This patch looks good to me, except for some minor aesthetic issues in the commit message.
I ran "make system-check TESTS=tor" with this patch, which succeeded.

> Thanks
> raid5atemyhomework
> 
> 
> From d9bea7635594654e1e631e4db55422c511f0220a Mon Sep 17 00:00:00 2001
> From: raid5atemyhomework <raid5atemyhomework@protonmail.com>
> Date: Sat, 27 Mar 2021 14:29:31 +0800
> Subject: [PATCH] gnu: Add 'control-port?' setting to Tor.
> 
> * gnu/services/networking.scm (tor-configuration): Add `control-port?` field.
> (tor-configuration->torrc): Support `control-port?` field.
> (tor-activation): Allow group access to data directory if `control-port?`.
> * doc/guix.texi (Networking Services)[Tor]: Describe new `control-port?` field.

Usually we `quote', 'quote', "quote" or ‘quote’, but never `quote`.
I recommend 'quote', as in

commit 43937666ba6975b6c847be8e67cecd781ce27049
Author: Ludovic Courtès <ludo@gnu.org>
Date:   Fri Mar 19 14:23:57 2021 +0100

    download: 'tls-wrap' treats premature TLS termination as EOF.
    
    This is a backport of Guile commit
    076276c4f580368b4106316a77752d69c8f1494a.
    
    * guix/build/download.scm (tls-wrap)[read!]: Wrap 'get-bytevector-n!'
    call in 'catch' and handle 'error/premature-termination' GnuTLS errors.

Greetings, Maxime.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
  2021-03-27  9:45     ` Maxime Devos
@ 2021-03-27 11:06       ` raid5atemyhomework via Guix-patches via
  2021-03-27 12:13         ` Maxime Devos
  0 siblings, 1 reply; 9+ messages in thread
From: raid5atemyhomework via Guix-patches via @ 2021-03-27 11:06 UTC (permalink / raw)
  To: Maxime Devos; +Cc: 47155@debbugs.gnu.org

Hello Maxime,


> > Note in particular that Bitcoin Core supports `ControlPort` and not `ControlSocket`, so
> > this is needed for Bitcoin Core support. From what I can see more daemons support
> > `ControlPort` than `ControlSocket`.
>
> Ok, but take a look at
> https://gitlab.torproject.org/legacy/trac/-/wikis/doc/bitcoin.
> Maybe it's out of date though: https://blog.torproject.org/tor-heart-cryptocurrencies

The issue is already known, and is mitigated by use of e.g. JoinMarket and Wasabi Wallet, when used with proper care to disentangle public coin addresses from your own spending.

In my particular case, use of Tor is not for pseudonymity (though if you want I can provide a coin address for Bitcoin and you can try donating to it and see if you can track me using the described technique, so you can try seeing if it actually works against an expert user of Bitcoin), but rather as a replacement for my lack of a public IP address --- instead of using a public IP address (which my ISP is much too stupid to provide to me unless I get a ***much*** higher tier of paid support) I use a Tor hidden service to allow other users to connect to my node.

> > Thanks
> > raid5atemyhomework
> > From d9bea7635594654e1e631e4db55422c511f0220a Mon Sep 17 00:00:00 2001
> > From: raid5atemyhomework raid5atemyhomework@protonmail.com
> > Date: Sat, 27 Mar 2021 14:29:31 +0800
> > Subject: [PATCH] gnu: Add 'control-port?' setting to Tor.
> >
> > * gnu/services/networking.scm (tor-configuration): Add `control-port?` field.
> > (tor-configuration->torrc): Support `control-port?` field.
> > (tor-activation): Allow group access to data directory if `control-port?`.
> > * doc/guix.texi (Networking Services)[Tor]: Describe new `control-port?` field.
>
> Usually we `quote', 'quote', "quote" or ‘quote’, but never `quote`.
> I recommend 'quote', as in
>
> commit 43937666ba6975b6c847be8e67cecd781ce27049
> Author: Ludovic Courtès ludo@gnu.org
> Date: Fri Mar 19 14:23:57 2021 +0100
>
> download: 'tls-wrap' treats premature TLS termination as EOF.
>
> This is a backport of Guile commit
> 076276c4f580368b4106316a77752d69c8f1494a.
>
> * guix/build/download.scm (tls-wrap)[read!]: Wrap 'get-bytevector-n!'
> call in 'catch' and handle 'error/premature-termination' GnuTLS errors.

Okay.

Thanks
raid5atemyhomework

From d9bea7635594654e1e631e4db55422c511f0220a Mon Sep 17 00:00:00 2001
From: raid5atemyhomework <raid5atemyhomework@protonmail.com>
Date: Sat, 27 Mar 2021 14:29:31 +0800
Subject: [PATCH] gnu: Add 'control-port?' setting to Tor.

* gnu/services/networking.scm (tor-configuration): Add 'control-port?' field.
(tor-configuration->torrc): Support 'control-port?' field.
(tor-activation): Allow group access to data directory if 'control-port?'.
* doc/guix.texi (Networking Services)[Tor]: Describe new 'control-port?' field.
---
 doc/guix.texi               | 13 +++++++++++++
 gnu/services/networking.scm | 24 +++++++++++++++++++++---
 2 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index c23d044ff5..a9c8f930be 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -87,6 +87,7 @@ Copyright @copyright{} 2020 Daniel Brooks@*
 Copyright @copyright{} 2020 John Soo@*
 Copyright @copyright{} 2020 Jonathan Brielmaier@*
 Copyright @copyright{} 2020 Edgar Vincent@*
+Copyright @copyright{} 2021 raid5atemyhomework@*

 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -16676,6 +16677,18 @@ If @code{#t}, Tor will listen for control commands on the UNIX domain socket
 @file{/var/run/tor/control-sock}, which will be made writable by members of the
 @code{tor} group.

+@item @code{control-port?} (default: @code{#f})
+Whether or not to provide a ``control port'' by which Tor can be controlled
+to, for instance, dynamically instantiate tor onion services.  This is more
+commonly supported by Tor controllers than using a UNIX domain socket as
+above.  If @code{#t}, Tor will listen for authenticated control commands over
+the control port 9051.  In order to authenticate to this port, Tor controllers
+need to read the cookie file at @file{/var/lib/tor/control_auth_cookie}, which
+will be made readable by members of the @code{tor} group.
+
+This can be set to a number instead, which will make Tor listen for control
+commands over the specified port number.
+
 @end table
 @end deftp

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 231a9f66c7..a4fbeaadfe 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -747,7 +747,9 @@ demand.")))
   (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
                      (default 'tcp))
   (control-socket?  tor-control-socket-path
-                    (default #f)))
+                    (default #f))
+  (control-port?    tor-control-port?
+                    (default #f))) ; #f | #t | number

 (define %tor-accounts
   ;; User account and groups for Tor.
@@ -770,7 +772,8 @@ demand.")))
   "Return a 'torrc' file for CONFIG."
   (match config
     (($ <tor-configuration> tor config-file services
-                            socks-socket-type control-socket?)
+                            socks-socket-type control-socket?
+                            control-port?)
      (computed-file
       "torrc"
       (with-imported-modules '((guix build utils))
@@ -795,6 +798,16 @@ UnixSocksGroupWritable 1\n" port))
 ControlSocket unix:/var/run/tor/control-sock GroupWritable RelaxDirModeCheck
 ControlSocketsGroupWritable 1\n"
                            port))
+                (when #$control-port?
+                  (format port
+                          "\
+ControlPort ~a
+CookieAuthentication 1
+CookieAuthFileGroupReadable 1
+DataDirectoryGroupReadable 1\n"
+                          #$(if (eq? control-port? #t)
+                                9051
+                                control-port?)))

                 (for-each (match-lambda
                             ((service (ports hosts) ...)
@@ -884,7 +897,12 @@ HiddenServicePort ~a ~a~%"
       ;; Allow Tor to access the hidden services' directories.
       (mkdir-p "/var/lib/tor")
       (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
-      (chmod "/var/lib/tor" #o700)
+      ;; Allow Tor controllers to access the cookie file if control-port?
+      ;; By default this is where Tor puts the cookie file, and most Tor
+      ;; controllers expect this file location (and not on `/var/run/tor`).
+      (chmod "/var/lib/tor" #$(if (tor-control-port? config)
+                                  #o750
+                                  #o700))

       ;; Make sure /var/lib is accessible to the 'tor' user.
       (chmod "/var/lib" #o755)
--
2.31.0





^ permalink raw reply related	[flat|nested] 9+ messages in thread

* [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
  2021-03-27 11:06       ` raid5atemyhomework via Guix-patches via
@ 2021-03-27 12:13         ` Maxime Devos
  2021-07-23 15:07           ` raid5atemyhomework via Guix-patches via
  0 siblings, 1 reply; 9+ messages in thread
From: Maxime Devos @ 2021-03-27 12:13 UTC (permalink / raw)
  To: raid5atemyhomework; +Cc: 47155@debbugs.gnu.org


On Sat, 2021-03-27 at 11:06 +0000, raid5atemyhomework wrote:
> Hello Maxime,
> 
> 
> > > Note in particular that Bitcoin Core supports `ControlPort` and not `ControlSocket`, so
> > > this is needed for Bitcoin Core support. From what I can see more daemons support
> > > `ControlPort` than `ControlSocket`.
> > 
> > Ok, but take a look at
> > https://gitlab.torproject.org/legacy/trac/-/wikis/doc/bitcoin.
> > Maybe its out of date though: https://blog.torproject.org/tor-heart-cryptocurrencies
> 
> The issue is already known, and is mitigated by use of e.g. JoinMarket and Wasabi Wallet, when used with proper care to disentangle public coin addresses from your own spending.
> [...]

Ok.

>  but rather as a replacement for my lack of a public IP address --- instead of
> using a public IP address (which my ISP is much too stupid to provide to me unless I get a
> ***much*** higher tier of paid support) I use a Tor hidden service to allow other users to
> connect to my node.

Makes sense.  I know that use case, though myself I have a public IP address
at no additional cost (at least if I disable the firewall or poke holes through
it).  Probably not a static IP though.

The revised patch looks good to me, but I'm no committer.

Greetings,
Maxime.


^ permalink raw reply	[flat|nested] 9+ messages in thread

* [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
  2021-03-27 12:13         ` Maxime Devos
@ 2021-07-23 15:07           ` raid5atemyhomework via Guix-patches via
  0 siblings, 0 replies; 9+ messages in thread
From: raid5atemyhomework via Guix-patches via @ 2021-07-23 15:07 UTC (permalink / raw)
  To: Maxime Devos; +Cc: 47155@debbugs.gnu.org

Bump.




^ permalink raw reply	[flat|nested] 9+ messages in thread

* [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
  2021-03-15 11:15 [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor raid5atemyhomework via Guix-patches via
  2021-03-15 16:35 ` Maxime Devos
@ 2022-12-27 11:52 ` Jean Pierre De Jesus DIAZ via Guix-patches via
  1 sibling, 0 replies; 9+ messages in thread
From: Jean Pierre De Jesus DIAZ via Guix-patches via @ 2022-12-27 11:52 UTC (permalink / raw)
  To: 47155@debbugs.gnu.org; +Cc: raid5atemyhomework@protonmail.com, Maxime Devos

>+                (when #$control-port?
>+                  (format port
>+                          "\
>+ControlPort ~a
>+CookieAuthentication 1
>+CookieAuthFileGroupReadable 1
>+DataDirectoryGroupReadable 1\n"

Maybe instead of a port, we can have separate options for `control-port'
and `cookie-authentication?', as IIUC cookie authentication can still be
used with a control UNIX domain socket.

>+                          #$(if (eq? control-port? #t)
>+                                9051
>+                                control-port?)))

As a side note, the `if' can be removed and the port put in place in
the string directly.  But I would prefer an option in the configuration
record for the control port.


—
Jean-Pierre De Jesus DIAZ





^ permalink raw reply	[flat|nested] 9+ messages in thread
