On 09/05/2016 12:43 AM, meejah wrote:
> Could you use ADD_ONION instead? Why are you using the on-disk API if you don't want to give your thing permission to read those directories?
I'll consider it, but I want the onion service to be relatively permanent. It would be best if the hostname didn't change every time tor restarted.
> I also don't see why you'd give something permission to use the control-port, but *not* permission to read hostname/private_key files...?
I'd just rather not risk unnecessary exposure of private keys. The software doesn't need the key, so I'm risking compromise just to do private -> public -> hostname; I'd rather query the hostname directly. I'm using cookie authentication and both tor and onions-server have a copy of the cookie file. This way I can set up IPC between them in a more secure manner and they can each run as a separate user.
> (p.s. I can't reach http://onions55e7yam27n.onion/)
Nothing is online at the moment. I'll make a separate post once everything is ready.
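The exchange the two of you are weighing (cookie AUTHENTICATE, then ADD_ONION either with a fresh key or with a key the client saved from an earlier run so the hostname survives a tor restart), as an added example that is not part of this thread and not code from onions-server or from tor. The control-port line shapes follow the Tor control-spec; the cookie bytes, the `fake_tor` stand-in for the control socket, and the ServiceID/PrivateKey values it returns are all constructed for the example. It makes the trade-off visible: persistence through ADD_ONION means the client process holds a private-key blob, which is exactly what the on-disk HiddenServiceDir approach lets you avoid.

```python
import binascii
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Constructed 32-byte cookie for the example; a real one is read from tor's CookieAuthFile.
SAMPLE_COOKIE = bytes(range(32))


def authenticate_command(cookie: bytes) -> str:
    """AUTHENTICATE line for cookie auth: the 32 raw cookie bytes, hex-encoded."""
    if len(cookie) != 32:
        raise ValueError("Tor control cookies are exactly 32 bytes")
    return "AUTHENTICATE " + binascii.hexlify(cookie).decode("ascii") + "\r\n"


def add_onion_command(ports: Iterable[Tuple[int, str]], key_spec: str = "NEW:BEST",
                      detach: bool = True, discard_pk: bool = False) -> str:
    """ADD_ONION line; ports pairs a virtual onion port with its local target (host:port)."""
    flags = []
    if detach:
        flags.append("Detach")      # keep the service alive after this control connection closes
    if discard_pk:
        flags.append("DiscardPK")   # tor never hands the private key back to the client
    parts = ["ADD_ONION", key_spec]
    if flags:
        parts.append("Flags=" + ",".join(flags))
    parts.extend(f"Port={vport},{target}" for vport, target in ports)
    return " ".join(parts) + "\r\n"


def parse_reply(lines: List[str]) -> Dict[str, str]:
    """Parse a control reply ('250-Key=Value' lines ending in '250 OK') into a dict.
    Any non-250 status raises, so an error line can never be mistaken for success."""
    result: Dict[str, str] = {}
    for raw in lines:
        line = raw.rstrip("\r\n")
        status, sep, rest = line[:3], line[3:4], line[4:]
        if status != "250":
            raise RuntimeError(f"control port error: {line}")
        if sep == "-" and "=" in rest:
            key, value = rest.split("=", 1)
            result[key] = value
        elif sep == " ":
            break                   # final line of the reply
    return result


def ensure_onion(send: Callable[[str], List[str]],
                 stored_key: Optional[str]) -> Tuple[str, Optional[str]]:
    """Bring up a service whose hostname survives tor restarts via ADD_ONION.

    If the client saved the PrivateKey blob tor returned on an earlier run
    ('RSA1024:...'), it is passed back and the same ServiceID comes up again;
    otherwise tor mints a key and returns it for the client to store.
    Either way the client process, not only tor, ends up holding that key."""
    key_spec = stored_key if stored_key else "NEW:BEST"
    reply = parse_reply(send(add_onion_command([(80, "127.0.0.1:8080")], key_spec)))
    service_id = reply["ServiceID"]
    new_key = reply.get("PrivateKey")   # absent when a key was supplied or DiscardPK was set
    return service_id, new_key


def fake_tor(cmd: str) -> List[str]:
    """Constructed stand-in for the tor control socket; replies mimic control-spec shapes."""
    if cmd.startswith("AUTHENTICATE "):
        return ["250 OK\r\n"]
    if cmd.startswith("ADD_ONION NEW:"):
        return ["250-ServiceID=exampleexample22\r\n",
                "250-PrivateKey=RSA1024:CONSTRUCTEDKEYBLOB\r\n",
                "250 OK\r\n"]
    if cmd.startswith("ADD_ONION RSA1024:"):
        return ["250-ServiceID=exampleexample22\r\n", "250 OK\r\n"]
    return ["510 Unrecognized command\r\n"]


if __name__ == "__main__":
    parse_reply(fake_tor(authenticate_command(SAMPLE_COOKIE)))  # raises if auth fails
    sid, key = ensure_onion(fake_tor, None)     # first run: tor generates and returns a key
    sid2, key2 = ensure_onion(fake_tor, key)    # later run: same hostname from the saved key
    print(sid + ".onion", sid == sid2, key2 is None)
```

Against a real tor the `send` callable would write to the control socket and read reply lines back; the cookie file and the HiddenServiceDir are the two places a key or secret lives, and which one the client is allowed to read is the permission boundary the thread is about.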