Feature #12024

Consider using unix sockets for onion services in Tails Server

Added by segfault 2016-12-09 00:24:03 . Updated 2019-07-19 22:05:12 .

Status: Confirmed
Priority: Normal
Assignee: segfault
Category:
Target version:
Start date: 2016-12-09
Due date:
% Done: 0%
Feature Branch:
Type of work: Research
Blueprint:
Starter:
Affected tool: Server
Deliverable for:

Description

Instead of listening on 127.0.0.1 via TCP, Tor supports listening on a unix socket. This has the potential to be faster [1], prevents potential localhost bypasses [2], and allows the use of systemd’s PrivateNetwork isolation feature [2,3] (although the latter would not work with LAN connections).

[1] https://trac.torproject.org/projects/tor/ticket/11485
[2] https://riseup.net/en/security/network-security/tor/onionservices-best-practices
[3] https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateNetwork=

Not all services support listening on unix sockets though.
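
A configuration sketch of the setup the description proposes, added here as an illustration and not taken from the ticket or from Tails Server's code. The service name `example-web`, the onion service directory and the socket path are hypothetical placeholders, and the service is assumed to have its own option for listening on a Unix socket.

```conf
# --- torrc: TCP target (the current approach, shown for comparison) ---
# HiddenServiceDir /var/lib/tor/example_service/
# HiddenServicePort 80 127.0.0.1:8080

# --- torrc: Unix socket target ---
# Tor forwards virtual port 80 of the onion service to a socket file
# instead of a loopback TCP port. Paths are hypothetical.
HiddenServiceDir /var/lib/tor/example_service/
HiddenServicePort 80 unix:/run/example-web/web.sock

# --- systemd drop-in for the service (hypothetical path):
# --- /etc/systemd/system/example-web.service.d/isolate.conf ---
[Service]
# The service gets its own network namespace containing only a loopback
# device, so it cannot reach the LAN or the host's 127.0.0.1.
# File-system Unix sockets are not affected by this setting, which is
# why the socket above keeps working.
PrivateNetwork=yes
# Creates /run/example-web at start and removes it at stop. The user Tor
# runs as must be able to traverse this directory and write to the socket;
# how that is granted depends on the service and is left out here.
RuntimeDirectory=example-web
```

With this layout nothing listens on a TCP port, so other local processes can reach the service only if file permissions on the socket allow it.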


Subtasks


History

#1 Updated by segfault 2019-07-19 22:05:12

  • Affected tool set to Server