[PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.

OpenSubmitted by raid5atemyhomework.
Details
2 participants
  • Maxime Devos
  • raid5atemyhomework
Owner
unassigned
Severity
normal
R
R
raid5atemyhomework wrote on 15 Mar 2021 12:15
(name . Guix Patches)(address . guix-patches@gnu.org)
z7bo5cNBBIFwYrhxbJfvgpqSV8WXpQlpP9NKuZkyGvuXUP7iVJ86yHGgPuVlYgAmxas9QM_VF6XBy5AiktHlNubv_a6RMMwqIisIFzMHW7A=@protonmail.com
Currently, if you set DataDirectoryGroupReadable 1 in your torrc, it will be respected only if tor is started up. If you reconfigure your OS without restarting the tor service, the directory permissions are reset due to the activation code being re-run and resetting the directory permissions.

This change simply does not chmod if the directory already exists.


Thanks
raid5atemyhomework


From d6037c59e642eaafebe43996e7419e1b58fee616 Mon Sep 17 00:00:00 2001
From: raid5atemyhomework <raid5atemyhomework@protonmail.com>
Date: Mon, 15 Mar 2021 19:10:01 +0800
Subject: [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.

* gnu/services/networking.scm (tor-activation): Do not change permissions
of tor data directory if it already exists.
---
gnu/services/networking.scm | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 231a9f66c7..65d2d39f0b 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -881,10 +881,16 @@ HiddenServicePort ~a ~a~%"
       ;; of the "tor" group will be able to use the SOCKS socket.
       (chmod "/var/run/tor" #o750)

-      ;; Allow Tor to access the hidden services' directories.
-      (mkdir-p "/var/lib/tor")
+      ;; If the directory already exists, do not chmod it again; the user
+      ;; might have set "DataDirectoryGroupReadable 1" in the torrc.
+      ;; Without this check, a `guix system reconfigure` will cause the
+      ;; directory to lose group permissions until Tor is restarted, even
+      ;; if changes to the operating-system were unrelated to Tor.
+      (unless (file-exists? "/var/lib/tor")
+        (mkdir-p "/var/lib/tor")
+        ;; Allow only Tor and root to access the hidden services' directories.
+        (chmod "/var/lib/tor" #o700))
       (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
-      (chmod "/var/lib/tor" #o700)

       ;; Make sure /var/lib is accessible to the 'tor' user.
       (chmod "/var/lib" #o755)
--
2.30.2
M
M
Maxime Devos wrote on 15 Mar 2021 17:35
e44fda4f60e6d14124041fcf0ecf14eca3062197.camel@telenet.be
On Mon, 2021-03-15 at 11:15 +0000, raid5atemyhomework via Guix-patches via wrote:
Toggle quote (2 lines)
> Currently, if you set DataDirectoryGroupReadable 1 in your torrc,

What are the reasons for setting DataDirectoryGroupReadable 1?

Toggle quote (2 lines)
> it will be respected only if tor is started up.

IIUC, tor will adjust the permissions of the directory to make it
group readable (while Guix' activation code creates the directory
group-unreadable).

Toggle quote (6 lines)
> If you reconfigure your OS without restarting the tor service,
> the directory permissions are reset due to the activation code being
> re-run and resetting the directory permissions.
>
> This change simply does not chmod if the directory already exists.

I believe it would be more transparent to introduce a
(data-directory-group-readable? #t/#f), with #f as default,
to tor-configuration (adjusting tor-configuration->torrc)
and change the permission bits passed to chmod appropriately.

(Documentation & reproducible system configuration & one integrated
system (in the software sense) and all that)

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYIADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYE+MxxccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7i8rAQDnfcVXyhtefxIJYr7MI1J1yPUo
Km9Q7+oxivLBt6LEQAEA8zrxUKFQhXNAfyCVu6esCCUGjes2fRUREDSaDnpbAQw=
=67Ed
-----END PGP SIGNATURE-----


R
R
raid5atemyhomework wrote on 16 Mar 2021 00:42
(name . Maxime Devos)(address . maximedevos@telenet.be)(name . 47155@debbugs.gnu.org)(address . 47155@debbugs.gnu.org)
F6piizM-xkOFPmiVpRTgsQ2A1lGvyuJjBkIzKQfRiM4bHKdLgX0937TDZ7yi75MDFPbQz2ypAY2PIQNrYPRr2jAdULbE2zqiU1_RaifSp-A=@protonmail.com
Toggle quote (7 lines)
> On Mon, 2021-03-15 at 11:15 +0000, raid5atemyhomework via Guix-patches via wrote:
>
> > Currently, if you set DataDirectoryGroupReadable 1 in your torrc,
>
> What are the reasons for setting DataDirectoryGroupReadable 1?
>

When using cookie-based authentication, the cookie file is traditionally placed in the data directory. If the directory is not accessible from group, then only the `tor` user can access the cookie and control `tor`. With this option, the cookie can be accessed by members of the `tor` group.

Toggle quote (6 lines)
> > it will be respected only if tor is started up.
>
> IIUC, tor will adjust the permissions of the directory to make it
> group readable (while Guix' activation code creates the directory
> group-unreadable).

Correct. However, when doing a `guix system reconfigure`, the activation code will be called again, which changes the directory back to group unreadable, without restarting tor. `tor` itself will only set the permissions when it starts up, and will ignore the permissions while running.

Toggle quote (14 lines)
>
> > If you reconfigure your OS without restarting the tor service,
> > the directory permissions are reset due to the activation code being
> > re-run and resetting the directory permissions.
> > This change simply does not chmod if the directory already exists.
>
> I believe it would be more transparent to introduce a
> (data-directory-group-readable? #t/#f), with #f as default,
> to tor-configuration (adjusting tor-configuration->torrc)
> and change the permission bits passed to chmod appropriately.
>
> (Documentation & reproducible system configuration & one integrated
> system (in the software sense) and all that)

Possibly.

Thanks
raid5atemyhomework
R
R
raid5atemyhomework wrote on 27 Mar 2021 07:37
(name . Maxime Devos)(address . maximedevos@telenet.be)(name . 47155@debbugs.gnu.org)(address . 47155@debbugs.gnu.org)
Nn2G3E02SlzH5ap6fu2ooKYkQQ3NOJLZqQHFD6LB-ioODuOG5-tUzQqBsCtfGXN_ROqzQEl3WUr2vEB2Hgs5NMEmsfkxmigUZEqzojufXwE=@protonmail.com
Toggle quote (14 lines)
> > If you reconfigure your OS without restarting the tor service,
> > the directory permissions are reset due to the activation code being
> > re-run and resetting the directory permissions.
> > This change simply does not chmod if the directory already exists.
>
> I believe it would be more transparent to introduce a
> (data-directory-group-readable? #t/#f), with #f as default,
> to tor-configuration (adjusting tor-configuration->torrc)
> and change the permission bits passed to chmod appropriately.
>
> (Documentation & reproducible system configuration & one integrated
> system (in the software sense) and all that)


But really though, the primary reason for this is to use the "cookie" authentication scheme with a control port on 9051. This is supported by most daemons, as the "control unix socket" (that is currently supported by `control-socket?` option) seems to be relatively new (Tor 0.2.7.1).

This requires adding:

ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
DataDirectoryGroupReadable 1

In https://issues.guix.gnu.org/46549which implements `control-socket?` the author expressed doubt as to the safety of this mechanism. Looking at the Tor manpage regarding `ControlPort`:

```
Note: unless you also specify one or more of HashedControlPassword or CookieAuthentication, setting this option will cause Tor to allow any process on the local
host to control it. (Setting both authentication methods means either method is sufficient to authenticate to Tor.) This option is required for many Tor controllers; most use
the value of 9051.
```

Basically, this is safe as long as you use *either* `HashedControlPassword` *or* `CookieAuthentication` *or* both; in the case of `CookieAuthentication` only users with read access to the cookie file can access it. Nearly every daemon that needs control access over Tor (usually to set up their own hidden service using their own privkey) expects `CookieAuthentication` and reads from `/var/lib/tor/control_auth-_cookie`, which requires that `/var/lib/tor` be readable (else it can't look up the filename). It becomes just as safe as the control-unix-socket option, as that is similarly gated by file permissions.

Note in particular that Bitcoin Core supports `ControlPort` and not `ControlSocket`, so this is needed for Bitcoin Core support. From what I can see more daemons support `ControlPort` than `ControlSocket`.


Thanks
raid5atemyhomework


From d9bea7635594654e1e631e4db55422c511f0220a Mon Sep 17 00:00:00 2001
From: raid5atemyhomework <raid5atemyhomework@protonmail.com>
Date: Sat, 27 Mar 2021 14:29:31 +0800
Subject: [PATCH] gnu: Add 'control-port?' setting to Tor.

* gnu/services/networking.scm (tor-configuration): Add `control-port?` field.
(tor-configuration->torrc): Support `control-port?` field.
(tor-activation): Allow group access to data directory if `control-port?`.
* doc/guix.texi (Networking Services)[Tor]: Describe new `control-port?` field.
---
doc/guix.texi | 13 +++++++++++++
gnu/services/networking.scm | 24 +++++++++++++++++++++---
2 files changed, 34 insertions(+), 3 deletions(-)

Toggle diff (87 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index c23d044ff5..a9c8f930be 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -87,6 +87,7 @@ Copyright @copyright{} 2020 Daniel Brooks@*
 Copyright @copyright{} 2020 John Soo@*
 Copyright @copyright{} 2020 Jonathan Brielmaier@*
 Copyright @copyright{} 2020 Edgar Vincent@*
+Copyright @copyright{} 2021 raid5atemyhomework@*

 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -16676,6 +16677,18 @@ If @code{#t}, Tor will listen for control commands on the UNIX domain socket
 @file{/var/run/tor/control-sock}, which will be made writable by members of the
 @code{tor} group.

+@item @code{control-port?} (default: @code{#f})
+Whether or not to provide a ``control port'' by which Tor can be controlled
+to, for instance, dynamically instantiate tor onion services.  This is more
+commonly supported by Tor controllers than using a UNIX domain socket as
+above.  If @code{#t}, Tor will listen for authenticated control commands over
+the control port 9051.  In order to authenticate to this port, Tor controllers
+need to read the cookie file at @file{/var/lib/tor/control_auth_cookie}, which
+will be made readable by members of the @code{tor} group.
+
+This can be set to a number instead, which will make Tor listen for control
+commands over the specified port number rather than the default 9051.
+
 @end table
 @end deftp

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 231a9f66c7..a4fbeaadfe 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -747,7 +747,9 @@ demand.")))
   (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
                      (default 'tcp))
   (control-socket?  tor-control-socket-path
-                    (default #f)))
+                    (default #f))
+  (control-port?    tor-control-port?
+                    (default #f))) ; #f | #t | number

 (define %tor-accounts
   ;; User account and groups for Tor.
@@ -770,7 +772,8 @@ demand.")))
   "Return a 'torrc' file for CONFIG."
   (match config
     (($ <tor-configuration> tor config-file services
-                            socks-socket-type control-socket?)
+                            socks-socket-type control-socket?
+                            control-port?)
      (computed-file
       "torrc"
       (with-imported-modules '((guix build utils))
@@ -795,6 +798,16 @@ UnixSocksGroupWritable 1\n" port))
 ControlSocket unix:/var/run/tor/control-sock GroupWritable RelaxDirModeCheck
 ControlSocketsGroupWritable 1\n"
                            port))
+                (when #$control-port?
+                  (format port
+                          "\
+ControlPort ~a
+CookieAuthentication 1
+CookieAuthFileGroupReadable 1
+DataDirectoryGroupReadable 1\n"
+                          #$(if (eq? control-port? #t)
+                                9051
+                                control-port?)))

                 (for-each (match-lambda
                             ((service (ports hosts) ...)
@@ -884,7 +897,12 @@ HiddenServicePort ~a ~a~%"
       ;; Allow Tor to access the hidden services' directories.
       (mkdir-p "/var/lib/tor")
       (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
-      (chmod "/var/lib/tor" #o700)
+      ;; Allow Tor controllers to access the cookie file if control-port?
+      ;; By default this is where Tor puts the cookie file, and most Tor
+      ;; controllers expect this file location (and not on `/var/run/tor`).
+      (chmod "/var/lib/tor" #$(if (tor-control-port? config)
+                                  #o750
+                                  #o700))

       ;; Make sure /var/lib is accessible to the 'tor' user.
       (chmod "/var/lib" #o755)
--
2.31.0
M
M
Maxime Devos wrote on 27 Mar 2021 10:45
(name . raid5atemyhomework)(address . raid5atemyhomework@protonmail.com)(name . 47155@debbugs.gnu.org)(address . 47155@debbugs.gnu.org)
2385f734152be7ed5351bc07dcc7d77e5f22efd0.camel@telenet.be
On Sat, 2021-03-27 at 06:37 +0000, raid5atemyhomework wrote:
Toggle quote (46 lines)
> > > If you reconfigure your OS without restarting the tor service,
> > > the directory permissions are reset due to the activation code being
> > > re-run and resetting the directory permissions.
> > > This change simply does not chmod if the directory already exists.
> >
> > I believe it would be more transparent to introduce a
> > (data-directory-group-readable? #t/#f), with #f as default,
> > to tor-configuration (adjusting tor-configuration->torrc)
> > and change the permission bits passed to chmod appropriately.
> >
> > (Documentation & reproducible system configuration & one integrated
> > system (in the software sense) and all that)
>
> But really though, the primary reason for this is to use the "cookie"
> authentication scheme with a control port on 9051. This is supported
> by most daemons, as the "control unix socket" (that is currently supported
> by `control-socket?` option) seems to be relatively new (Tor 0.2.7.1).
>
> This requires adding:
>
> ControlPort 9051
> CookieAuthentication 1
> CookieAuthFileGroupReadable 1
> DataDirectoryGroupReadable 1
>
> In https://issues.guix.gnu.org/46549 which implements `control-socket?` the
> author expressed doubt as to the safety of this mechanism. Looking at the Tor
> manpage regarding `ControlPort`:
>
> ```
> Note: unless you also specify one or more of HashedControlPassword or CookieAuthentication,
> setting this option will cause Tor to allow any process on the local
> host to control it. (Setting both authentication methods means either method is sufficient
> to authenticate to Tor.) This option is required for many Tor controllers; most use
> the value of 9051.
> ```
>
> Basically, this is safe as long as you use *either* `HashedControlPassword` *or*
> `CookieAuthentication` *or* both; in the case of `CookieAuthentication` only users
> with read access to the cookie file can access it. Nearly every daemon that needs
> control access over Tor (usually to set up their own hidden service using their own
> privkey) expects `CookieAuthentication` and reads from `/var/lib/tor/control_auth-_cookie`,
> which requires that `/var/lib/tor` be readable (else it can't look up the filename). It
> becomes just as safe as the control-unix-socket option, as that is similarly gated by
> file permissions.

I believe this addresses the security concerns Christopher Lemmer Webber had.

Toggle quote (4 lines)
> Note in particular that Bitcoin Core supports `ControlPort` and not `ControlSocket`, so
> this is needed for Bitcoin Core support. From what I can see more daemons support
> `ControlPort` than `ControlSocket`.

Ok, but take a look at

This patch looks good to me, except for some minor aesthetic issues in the commit message.
I ran "make system-check TESTS=tor" with this patch, which succeeded.

Toggle quote (14 lines)
> Thanks
> raid5atemyhomework
>
>
> From d9bea7635594654e1e631e4db55422c511f0220a Mon Sep 17 00:00:00 2001
> From: raid5atemyhomework <raid5atemyhomework@protonmail.com>
> Date: Sat, 27 Mar 2021 14:29:31 +0800
> Subject: [PATCH] gnu: Add 'control-port?' setting to Tor.
>
> * gnu/services/networking.scm (tor-configuration): Add `control-port?` field.
> (tor-configuration->torrc): Support `control-port?` field.
> (tor-activation): Allow group access to data directory if `control-port?`.
> * doc/guix.texi (Networking Services)[Tor]: Describe new `control-port?` field.

Usually we `quote', 'quote', "quote" or ‘quote’, but never `quote`.
I recommend 'quote', as in

commit 43937666ba6975b6c847be8e67cecd781ce27049
Author: Ludovic Courtès <ludo@gnu.org>
Date: Fri Mar 19 14:23:57 2021 +0100

download: 'tls-wrap' treats premature TLS termination as EOF.
This is a backport of Guile commit
076276c4f580368b4106316a77752d69c8f1494a.
* guix/build/download.scm (tls-wrap)[read!]: Wrap 'get-bytevector-n!'
call in 'catch' and handle 'error/premature-termination' GnuTLS errors.

Greetings, Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYIADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYF7+xxccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7g1VAQCiugoKSfkGK54AZqLsxSO6zEgB
ECwVm8uW2dPTJWUUiwEApymmyQFu52SHhXKK9zWYa7YBaXw180cwfrfg/2pb3go=
=hCEt
-----END PGP SIGNATURE-----


R
R
raid5atemyhomework wrote on 27 Mar 2021 12:06
(name . Maxime Devos)(address . maximedevos@telenet.be)(name . 47155@debbugs.gnu.org)(address . 47155@debbugs.gnu.org)
zEE0AN0uMjyF00w209X_JoZCNCHOz8UvaPUszYKXBczahwxfUxn-RqZrp9AZJ2YStaVKyA4zwldHuJxni4QP3_jEmWuvLxNRK872su5cTQE=@protonmail.com
Hello Maxime,


Toggle quote (8 lines)
> > Note in particular that Bitcoin Core supports `ControlPort` and not `ControlSocket`, so
> > this is needed for Bitcoin Core support. From what I can see more daemons support
> > `ControlPort` than `ControlSocket`.
>
> Ok, but take a look at
> https://gitlab.torproject.org/legacy/trac/-/wikis/doc/bitcoin.
> Maybe its out of date though: https://blog.torproject.org/tor-heart-cryptocurrencies

The issue is already known, and is mitigated by use of e.g. JoinMarket and Wasabi Wallet, when used with proper care to disentangle public coin addresses from your own spending.

In my particular case, use of Tor is not for pseudonymity (though if you want I can provide a coin address for Bitcoin and you can try donating to it and see if you can track me using the described technique, so you can try seeing if it actually works against an expert user of Bitcoin), but rather as a replacement for my lack of a public IP address --- instead of using a public IP address (which my ISP is much too stupid to provide to me unless I get a ***much*** higher tier of paid support) I use a Tor hidden service to allow other users to connect to my node.

Toggle quote (28 lines)
> > Thanks
> > raid5atemyhomework
> > From d9bea7635594654e1e631e4db55422c511f0220a Mon Sep 17 00:00:00 2001
> > From: raid5atemyhomework raid5atemyhomework@protonmail.com
> > Date: Sat, 27 Mar 2021 14:29:31 +0800
> > Subject: [PATCH] gnu: Add 'control-port?' setting to Tor.
> >
> > - gnu/services/networking.scm (tor-configuration): Add `control-port?` field.
> > (tor-configuration->torrc): Support `control-port?` field.
> > (tor-activation): Allow group access to data directory if `control-port?`.
> >
> > - doc/guix.texi (Networking Services)[Tor]: Describe new `control-port?` field.
>
> Usually we`quote', 'quote', "quote" or ‘quote’, but never`quote`.
> I recommend 'quote', as in
>
> commit 43937666ba6975b6c847be8e67cecd781ce27049
> Author: Ludovic Courtès ludo@gnu.org
> Date: Fri Mar 19 14:23:57 2021 +0100
>
> download: 'tls-wrap' treats premature TLS termination as EOF.
>
> This is a backport of Guile commit
> 076276c4f580368b4106316a77752d69c8f1494a.
>
> * guix/build/download.scm (tls-wrap)[read!]: Wrap 'get-bytevector-n!'
> call in 'catch' and handle 'error/premature-termination' GnuTLS errors.

Okay.

Thaks
raid5atemyhomework

From d9bea7635594654e1e631e4db55422c511f0220a Mon Sep 17 00:00:00 2001
From: raid5atemyhomework <raid5atemyhomework@protonmail.com>
Date: Sat, 27 Mar 2021 14:29:31 +0800
Subject: [PATCH] gnu: Add 'control-port?' setting to Tor.

* gnu/services/networking.scm (tor-configuration): Add 'control-port?' field.
(tor-configuration->torrc): Support 'control-port?' field.
(tor-activation): Allow group access to data directory if 'control-port?'.
* doc/guix.texi (Networking Services)[Tor]: Describe new 'control-port?' field.
---
doc/guix.texi | 13 +++++++++++++
gnu/services/networking.scm | 24 +++++++++++++++++++++---
2 files changed, 34 insertions(+), 3 deletions(-)

Toggle diff (87 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index c23d044ff5..a9c8f930be 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -87,6 +87,7 @@ Copyright @copyright{} 2020 Daniel Brooks@*
 Copyright @copyright{} 2020 John Soo@*
 Copyright @copyright{} 2020 Jonathan Brielmaier@*
 Copyright @copyright{} 2020 Edgar Vincent@*
+Copyright @copyright{} 2021 raid5atemyhomework@*

 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -16676,6 +16677,18 @@ If @code{#t}, Tor will listen for control commands on the UNIX domain socket
 @file{/var/run/tor/control-sock}, which will be made writable by members of the
 @code{tor} group.

+@item @code{control-port?} (default: @code{#f})
+Whether or not to provide a ``control port'' by which Tor can be controlled
+to, for instance, dynamically instantiate tor onion services.  This is more
+commonly supported by Tor controllers than using a UNIX domain socket as
+above.  If @code{#t}, Tor will listen for authenticated control commands over
+the control port 9051.  In order to authenticate to this port, Tor controllers
+need to read the cookie file at @file{/var/lib/tor/control_auth_cookie}, which
+will be made readable by members of the @code{tor} group.
+
+This can be set to a number instead, which will make Tor listen for control
+commands over the specified port number.
+
 @end table
 @end deftp

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 231a9f66c7..a4fbeaadfe 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -747,7 +747,9 @@ demand.")))
   (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
                      (default 'tcp))
   (control-socket?  tor-control-socket-path
-                    (default #f)))
+                    (default #f))
+  (control-port?    tor-control-port?
+                    (default #f))) ; #f | #t | number

 (define %tor-accounts
   ;; User account and groups for Tor.
@@ -770,7 +772,8 @@ demand.")))
   "Return a 'torrc' file for CONFIG."
   (match config
     (($ <tor-configuration> tor config-file services
-                            socks-socket-type control-socket?)
+                            socks-socket-type control-socket?
+                            control-port?)
      (computed-file
       "torrc"
       (with-imported-modules '((guix build utils))
@@ -795,6 +798,16 @@ UnixSocksGroupWritable 1\n" port))
 ControlSocket unix:/var/run/tor/control-sock GroupWritable RelaxDirModeCheck
 ControlSocketsGroupWritable 1\n"
                            port))
+                (when #$control-port?
+                  (format port
+                          "\
+ControlPort ~a
+CookieAuthentication 1
+CookieAuthFileGroupReadable 1
+DataDirectoryGroupReadable 1\n"
+                          #$(if (eq? control-port? #t)
+                                9051
+                                control-port?)))

                 (for-each (match-lambda
                             ((service (ports hosts) ...)
@@ -884,7 +897,12 @@ HiddenServicePort ~a ~a~%"
       ;; Allow Tor to access the hidden services' directories.
       (mkdir-p "/var/lib/tor")
       (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
-      (chmod "/var/lib/tor" #o700)
+      ;; Allow Tor controllers to access the cookie file if control-port?
+      ;; By default this is where Tor puts the cookie file, and most Tor
+      ;; controllers expect this file location (and not on `/var/run/tor`).
+      (chmod "/var/lib/tor" #$(if (tor-control-port? config)
+                                  #o750
+                                  #o700))

       ;; Make sure /var/lib is accessible to the 'tor' user.
       (chmod "/var/lib" #o755)
--
2.31.0
M
M
Maxime Devos wrote on 27 Mar 2021 13:13
(name . raid5atemyhomework)(address . raid5atemyhomework@protonmail.com)(name . 47155@debbugs.gnu.org)(address . 47155@debbugs.gnu.org)
62b096ded17719c7aa79bbc0c5f80bdd5d7f5e68.camel@telenet.be
On Sat, 2021-03-27 at 11:06 +0000, raid5atemyhomework wrote:
Toggle quote (13 lines)
> Hello Maxime,
>
>
> > > Note in particular that Bitcoin Core supports `ControlPort` and not `ControlSocket`, so
> > > this is needed for Bitcoin Core support. From what I can see more daemons support
> > > `ControlPort` than `ControlSocket`.
> >
> > Ok, but take a look at
> > https://gitlab.torproject.org/legacy/trac/-/wikis/doc/bitcoin.
> > Maybe its out of date though: https://blog.torproject.org/tor-heart-cryptocurrencies
>
> The issue is already known, and is mitigated by use of e.g. JoinMarket and Wasabi Wallet, when used with proper care to disentangle public coin addresses from your own spending.
> [...]
Ok.

Toggle quote (5 lines)
> but rather as a replacement for my lack of a public IP address --- instead of
> using a public IP address (which my ISP is much too stupid to provide to me unless I get a
> ***much*** higher tier of paid support) I use a Tor hidden service to allow other users to
> connect to my node.

Makes sense. I know that use case, though myself I have a public IP address
at no additional cost (at least if I disable the firewall or poke holes through
it). Probably not a static IP though.

The revised patch looks good to me, but I'm no committer.

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYIADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYF8hdhccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7lHbAQD/+MmdR0nVpzmS94HaCW3YBC2C
YrkVoRWOXUj1kuX7ngD/cGIWEQjtr+qQF7W0IpCmv6NoBFPXwxpATtAKDIh8lww=
=i3qw
-----END PGP SIGNATURE-----


R
R
raid5atemyhomework wrote on 23 Jul 2021 17:07
(name . Maxime Devos)(address . maximedevos@telenet.be)(name . 47155@debbugs.gnu.org)(address . 47155@debbugs.gnu.org)
8xOEgJA-rlx-1caFyLD1FhRsSqlSCDIqyOZSPfuXMLwlzTZNY6NJuNKpyQPW5I1Giwr9qmZIXYKnaKXdmE2TI25EgX9jJgXHAY5VrYKaEQ0=@protonmail.com
?