Feature #12024
Consider using unix sockets for onion services in Tails Server
Start date: 2016-12-09
Due date:
% Done: 0%
Description
Instead of listening on 127.0.0.1 via TCP, Tor supports listening on a unix socket. This has the potential to be faster [1], prevents potential localhost bypasses [2], and allows the use of systemd’s PrivateNetwork isolation feature [2,3] (although the latter would not work with LAN connections).
[1] https://trac.torproject.org/projects/tor/ticket/11485
[2] https://riseup.net/en/security/network-security/tor/onionservices-best-practices
[3] https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateNetwork=
Not all services support listening on unix sockets though.
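Added example, not part of the ticket or of Tails' code: a minimal backend that binds a unix socket instead of 127.0.0.1, so that who may connect is decided by filesystem permissions rather than by being on the same host. The socket name `web.sock`, the directory and file modes, and the assumption that Tor shares the directory's group are illustrative; the matching torrc target would take the form `HiddenServicePort 80 unix:<path>`.

```python
import os
import socket
import stat
import tempfile
import threading


def start_unix_service(sock_dir):
    """Bind a tiny HTTP responder to a unix socket instead of 127.0.0.1:PORT."""
    # Access is decided by filesystem permissions, not by "any local process
    # may connect to loopback". Assumption: Tor runs in the directory's group.
    os.chmod(sock_dir, 0o750)
    path = os.path.join(sock_dir, "web.sock")  # hypothetical socket name
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o117)  # socket file is created without "other" access
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)

    def serve_one():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok")
        srv.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return path


def fetch_over_unix(path):
    """Connect by path, as Tor does for 'HiddenServicePort 80 unix:<path>'."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        client.connect(path)
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")
        data = b""
        while chunk := client.recv(4096):
            data += chunk
    return data


def demo():
    sock_dir = tempfile.mkdtemp(prefix="onion-")  # constructed, throwaway path
    path = start_unix_service(sock_dir)
    st = os.stat(path)
    return fetch_over_unix(path), stat.S_IMODE(st.st_mode), stat.S_ISSOCK(st.st_mode)
```

Calling `demo()` returns the response bytes, the socket file's permission bits and whether the path is a socket. Because the service opens no TCP listener, it keeps working when its unit runs with `PrivateNetwork=` enabled, as long as the socket directory is visible to Tor.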
History
#1 Updated by segfault 2019-07-19 22:05:12
- Affected tool set to Server