Feature #12024: Consider using unix sockets for onion services in Tails Server

Feature #12024

Consider using unix sockets for onion services in Tails Server

Added by segfault 2016-12-09 00:24:03 . Updated 2019-07-19 22:05:12 .

Status:

Confirmed

Priority:

Normal

Assignee:

segfault

Category:

Target version:

Start date:

2016-12-09

Due date:

% Done:

Feature Branch:

Type of work:

Research

Blueprint:

Starter:

Affected tool:

Server

Deliverable for:

Description

Instead of listening on 127.0.0.1 via TCP, Tor supports listening on a unix socket. This has the potential to be faster [1], prevents potential localhost bypasses [2], and allows the use of systemd’s privatenetwork isolation feature [2,3] (although the latter would not work with LAN connections).

[1] https://trac.torproject.org/projects/tor/ticket/11485
[2] https://riseup.net/en/security/network-security/tor/onionservices-best-practices
[3] https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateNetwork=

Not all services support listening on unix sockets though.

Subtasks

History

#1 Updated by segfault 2019-07-19 22:05:12

Affected tool set to Server