Description ----------- This case proposes to deliver packages containing the Tor project sofware. Tor (https://www.torproject.org) is software lets one to participate in a network of virtual tunnels that allow people and groups to improve their privacy and security on the internet. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. See this page for more details: https://www.torproject.org/overview.html.en Notes: * Currently we are planning to deliver version 0.2.0.34 * Tor uses only TCP streams and can be used by any application with SOCKS support. * Tor does NOT support IPv6 yet (https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#IPv6) * Tor uses OpenSSL for key generation and for encrypting the data between relays. As it works fine with the OpenSSL currently in Solaris, there are no plans to change it to use PKCS11 or KMF. Least Privilege/RBAC -------------------- This project will deliver new authorizations to /etc/security/auth_attr for managing the SMF services for starting and stopping the relay server: solaris.smf.value.tor:::Change tor value properties:: solaris.smf.manage.tor:::Manage tor service states:: The following rights profile will be added to /etc/security/prof_attr: Tor Administration::::auths=solaris.smf.manage.tor,solaris.smf.value.tor The following will be added to /etc/security/exec_attr: Tor Administration:solaris:cmd:::/usr/lib/tor:uid=daemon,gid=daemon,privs=basic,net_privaddr Tor Administration:solaris:cmd:::/usr/bin/tor-gencert:uid=daemon,gid=daemon,privs=basic Tor Administration:solaris:cmd:::/usr/bin/tor-resolve:uid=daemon,gid=daemon,privs=basic Tor will run as uid/gid "daemon/daemon". It may be configured to listen on a privileged port such as 443 if it is configured as a bridge relay and therefore the "priv_net_privaddr" is needed in addition to the basic privilege profile. SMF --- This project will deliver an SMF manifest and script that will allow the tor relay daemon to be restarted via SMF. The SMF service will be: svc:/network/tor:default (Tor Relay Daemon) Zones ----- Tor can (and probably should) be run in a local zone with no restrictions other than the fact that it needs a working network interface. There is no technical reason why it would NOT work in a TX zone, though that configuration has not been tested. Auditing -------- Tor does not make access control decisions and is not an administrative tool that requires BSM auditing. Configuration ------------- Tor is an open source project and has an existing configuration system that relies on a text based configuration file. An configuration file will be delivered in /etc/torrc. The delivered configuration file will enable Tor to listen on port 9050 for SOCKS connections and on port 9001 for Tor relay connections. All other ports will be disabled. The configuration file contains a long list of options for configuring the ports and interfaces that the relay will listen to as well as other details such as logging levels, configuring "hidden" services (see https://www.torproject.org/hidden-services.html.en for a detailed description of the hidden service protocol), and limiting the bandwidth that the relay will use. The upstream Tor community is fairly active and releases updates several times each year. Making Solaris-specific changes (such as putting config options in an SMF profile) will make it harder to keep up with the community and resync with the current releases. Packing Modifications --------------------- SUNWtor Tor software for userland SUNWtor-root Tor software for Root filesystem Deliverables ------------ /usr/lib/tor SFW Uncommitted /usr/bin/tor-resolve SFW Uncommitted /usr/bin/tor-gencert SFW Uncommitted /etc/torrc SFW Uncommitted /usr/share/tor/geoip SFW Uncommitted /usr/man/man1m/tor.1m SFW Uncommitted /usr/man/man1/tor-resolve.1 SFW Uncommitted /usr/man/man1/tor-gencert.1 SFW Uncommitted Details ------- tor is the main daemon process that is started by the "tor" SMF profile. tor-resolve is a script to connect to a SOCKS proxy that knows about the SOCKS RESOLVE command, hand it a hostname, and return an IP address. tor-gencert generates certificates and private keys for use by Tor directory authorities running the v3 Tor directory protocol, as used by Tor 0.2.0 and later. If you are not running a directory authority, you don't need to use tor- gencert. tor-gencert generates 3 files that the user must then copy to the "keys" subdirectory (/var/lib/tor/keys) - "authority_identity_key", "authority_signing_key" and "authority_certificate". geoip is an ASCII based database of IP-to-Country name mappings. It is not intended to be edited by users. OpenSource ---------- OSR Review: 9954 (approved - Tor version 0.2.0.30) 11364 (pending expedited review - Tor version 0.2.0.34) Tor Project: https://www.torproject.org Tor Wiki: https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ Release Taxonomy: Micro/Patch