On Thu, 28 May 2015 14:55:07 +0200 anonym anonym@riseup.net wrote:
On 05/27/2015 09:19 PM, David Goulet wrote:
- IsolatePID is a new option that will make torsocks set the SOCKS5 username and password automatically to provide isolation on Tor
side.
You can use this with the -i,--isolate command added or TORSOCKS_ISOLATE_PID env. variable.
Perhaps I'm overlooking the purpose of this option, but it doesn't look like something you can rely on to get stream isolation between separate torsocks invocations. For instance, on a POSIX-compliant system a PID can be reused as soon as the process using it has terminated. This implies that, for any purpose, a PID should only be used as a unique identifier for the duration of the process using it.
Assuming the purpose is to provide stream isolation between torsocks invocations, why not generate a big random numbers for the socks auth user/password instead? 256 bits should be enough even when taking the birthday paradox into account.
In practice PID resuage perhaps isn't a problem for any realistic use case, making my remarks into theoretical nitpicking, but YMMV.
Ah, this is a matter of "the feature is explained in a simple manner in the abbreviated changelog".
What the flag actually does is: * Username set to 'torsocks-' PID ':' unixTime * Password set to '0'. (If one day torsocks wants to add something like a signal handler to get tor browser 'new circuit' type behavior, my plan was to increment this, not currently used).
While not as great as 256 bit random numbers, PID reuse within the same second is rather unlikely, at least under Linux PIDs are only recycled when the pid wraps (/proc/sys/kernel/pid_max), I assume most other Unixes follow similar behavior.
The identifier was chosen such that it would be blatantly obvious in circuit listings as to which torsocks instance things belong to. There is space in the username field, so appending a hexdecimal large random number or something is certainly possible and quite trivial.
Regards,