Message-ID: <5567102B.7000308@riseup.net>
Date: Thu, 28 May 2015 14:55:07 +0200
From: anonym <anonym@riseup.net>
To: tor-dev@lists.torproject.org
References: <20150527191953.GC14163@raoul>
In-Reply-To: <20150527191953.GC14163@raoul>
Cc: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] [tor-dev] [RELEASE] Torsocks 2.1.0

On 05/27/2015 09:19 PM, David Goulet wrote:
> - IsolatePID is a new option that will make torsocks set the SOCKS5
>   username and password automatically to provide isolation on Tor side.
> 
>   You can use this with the -i,--isolate command added or
>   TORSOCKS_ISOLATE_PID env. variable.

Perhaps I'm overlooking the purpose of this option, but it doesn't look
like something you can rely on to get stream isolation between separate
torsocks invocations. For instance, on a POSIX-compliant system a PID
can be reused as soon as the process using it has terminated. This
implies that, for any purpose, a PID should only be used as a unique
identifier for the duration of the process using it.

Assuming the purpose is to provide stream isolation between torsocks
invocations, why not generate a big random number for the socks auth
user/password instead? 256 bits should be enough even when taking the
birthday paradox into account.

In practice PID reuse perhaps isn't a problem for any realistic use
case, making my remarks into theoretical nitpicking, but YMMV.

Cheers!
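
Added example, not part of the original mail and not torsocks code: one way to implement the suggestion above is to draw two independent 256-bit values from the kernel CSPRNG and place them in the SOCKS5 username/password sub-negotiation message (RFC 1929). The names `iso_token` and `iso_build_auth` are hypothetical, and reading `/dev/urandom` is an assumption about the platform.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define ISO_RAND_BYTES 32                 /* 256 bits, as suggested in the mail */
#define ISO_HEX_LEN (2 * ISO_RAND_BYTES)  /* 64 chars; RFC 1929 allows up to 255 */

/* Write a fresh 256-bit value from /dev/urandom as ISO_HEX_LEN hex chars
 * (no NUL terminator). Returns 0 on success, -1 on failure. */
static int iso_token(uint8_t *out)
{
    static const char hex[] = "0123456789abcdef";
    uint8_t raw[ISO_RAND_BYTES];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (got != sizeof raw)
        return -1;
    for (size_t i = 0; i < sizeof raw; i++) {
        out[2 * i] = (uint8_t)hex[raw[i] >> 4];
        out[2 * i + 1] = (uint8_t)hex[raw[i] & 0x0f];
    }
    return 0;
}

/* Build the RFC 1929 request VER(0x01) | ULEN | UNAME | PLEN | PASSWD with
 * independent random username and password. Returns the length, or -1 if out
 * is too small or the RNG fails (fail closed, no fallback to the PID). */
int iso_build_auth(uint8_t *out, size_t out_len)
{
    const size_t need = 3 + 2 * ISO_HEX_LEN;
    if (out == NULL || out_len < need)
        return -1;
    out[0] = 0x01;                        /* sub-negotiation version */
    out[1] = ISO_HEX_LEN;                 /* ULEN */
    if (iso_token(out + 2) != 0)
        return -1;
    out[2 + ISO_HEX_LEN] = ISO_HEX_LEN;   /* PLEN */
    if (iso_token(out + 3 + ISO_HEX_LEN) != 0)
        return -1;
    return (int)need;
}

int main(void)
{
    uint8_t msg[3 + 2 * ISO_HEX_LEN];
    return iso_build_auth(msg, sizeof msg) == (int)sizeof msg ? 0 : 1;
}
```

Unlike a PID, the credentials do not repeat when the process identifier is recycled, so two invocations get the same pair only if the random values collide.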


