hi,
ROFLCopTor aims to be an exhaustive Tor control port filter daemon written in golang.
https://github.com/subgraph/roflcoptor
maintainer: David Stainton
The Tor control port exposes powerful functionality, much more authority than most applications need when they talk to the Tor control port. In accordance with the principle of least authority [1], each software module would ideally have authority over only the resources needed to perform its tasks. Here in the context of ROFLCopTor, we seek to eliminate excess authority from applications which utilize the Tor control port; therefore they will not be in the debian-tor group or otherwise have access to the Tor control port UNIX domain socket or TCP listener. The only available access to the Tor control port is via ROFLCopTor, which exposes a TCP listener and/or a UNIX domain socket. Applications can be allowed to authenticate with ROFLCopTor, but this isn't necessary because the filtration policy is applied based on the client application's exec path, which is discovered by matching the socket inode via the Linux proc filesystem.
[1] - The Structure of Authority: Why Security Is not a Separable Concern http://www.erights.org/talks/no-sep/secnotsep.pdf
On Tue, Jun 21, 2016 at 06:19:13PM +0000, isis agora lovecruft wrote:
Nima Fatemi transcribed 4.1K bytes:
Here's the information I need from you:
Name of the project, along with a paragraph explaining the significance of the project and why it matters. Link to the project, and name or the handle of the maintainer.