Feature #12024

Consider using unix sockets for onion services in Tails Server

Added by segfault almost 3 years ago. Updated 3 months ago.

Status: Confirmed
Priority: Normal
Assignee:
Category: -
Target version: -
Start date: 12/09/2016
Due date:
% Done: 0%
Feature Branch:
Type of work: Research
Blueprint:
Starter:
Affected tool: Server

Description

Instead of listening on 127.0.0.1 via TCP, Tor supports listening on a unix socket. This has the potential to be faster [1], prevents potential localhost bypasses [2], and allows the use of systemd's PrivateNetwork isolation feature [2,3] (although the latter would not work with LAN connections).

[1] https://trac.torproject.org/projects/tor/ticket/11485
[2] https://riseup.net/en/security/network-security/tor/onionservices-best-practices
[3] https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateNetwork=

Not all services support listening on unix sockets though.
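
The following configuration sketch is an added example, not part of the ticket or of the Tails code base. It shows the loopback TCP target next to the Unix socket target in torrc, together with a systemd unit that uses `PrivateNetwork=`. The service name, paths, the `--listen` option and the group arrangement are assumptions made for illustration.

```ini
# --- torrc (Tor's own syntax, shown here for side-by-side reading) ---

# Before: the onion service forwards to a TCP listener on loopback.
# Any local process can also connect to 127.0.0.1:8080 directly.
#HiddenServiceDir /var/lib/tor/example_service/
#HiddenServicePort 80 127.0.0.1:8080

# After: the onion service forwards to a filesystem Unix socket.
# Access is now governed by file permissions on the socket path.
HiddenServiceDir /var/lib/tor/example_service/
HiddenServicePort 80 unix:/run/example-service/http.sock

# --- example-service.service (hypothetical systemd unit) ---
[Service]
# Assumption: the service accepts a Unix socket path to listen on.
# "--listen" is a placeholder, not a real option of any specific program.
ExecStart=/usr/local/bin/example-service --listen /run/example-service/http.sock
User=example-service
Group=example-service
# Creates /run/example-service owned by the service user.
RuntimeDirectory=example-service
RuntimeDirectoryMode=0750
# The socket is created group-readable and group-writable, no access for others.
# Assumption: the account Tor runs as is a member of the example-service group.
UMask=0007
# Own network namespace with only a loopback device: no TCP listener is
# reachable from outside the unit, and the service cannot reach the LAN.
PrivateNetwork=yes
```

With `PrivateNetwork=yes` the socket file is the service's only inbound path, which is why the LAN caveat in the description applies.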

History

#1 Updated by segfault 3 months ago

  • Affected tool set to Server
