aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorRoger Dingledine <arma@torproject.org>2006-02-13 06:25:16 +0000
committerRoger Dingledine <arma@torproject.org>2006-02-13 06:25:16 +0000
commit350313d77a1b9dc20abae088ca9db7662dd8a80b (patch)
treeb1722b63b6331fcff7e81fd7e75eb618892e95ec /doc
parent1181ae61aef77aa505542433c801791b9b13a522 (diff)
downloadtor-350313d77a1b9dc20abae088ca9db7662dd8a80b.tar.gz
tor-350313d77a1b9dc20abae088ca9db7662dd8a80b.zip
Let the users set ControlListenAddress in the torrc.
This can be dangerous, but there are some cases (like a secured LAN) where it makes sense. svn:r5997
Diffstat (limited to 'doc')
-rw-r--r--doc/TODO7
-rw-r--r--doc/tor.1.in10
2 files changed, 10 insertions, 7 deletions
diff --git a/doc/TODO b/doc/TODO
index 364c924ebd..a4d30f36f6 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -51,17 +51,12 @@ N - look at the proposed os x uninstaller:
when they feel like it.
- update dir-spec with what we decided for each of these
N - commit edmanm's win32 makefile to tor cvs contrib
- o add a GUARD flag to the network-status entries.
- o Clients use it. (But not till the directories have upgraded!)
- when logging unknown http headers, this could include bad escape codes?
- more generally, attacker-controller log entries with newlines in them
are dangerous for our users.
- make log entries include function names in win32 again.
- Make "setconf" and "hup" behavior cleaner for LINELIST config
options (e.g. Log). Bug 238.
- o Were we going to load unrecognized 'state' variables into some
- list somewhere, and write them out whenever we update the state?
- To be forwards and backwards compatible.
R - streamline how we define a guard node as 'up'. document it
somewhere.
R - reduce log severity for guard nodes.
@@ -70,7 +65,7 @@ R - failed rend desc fetches sometimes don't get retried.
R - Add config options to not publish and not fetch rend descs.
- Add controller interfaces to hear rend desc events and learn
about rend descs. In base16 I guess for now.
-R - let controlport be configurable on other interfaces
+ o let controlport be configurable on other interfaces
R - look into "uncounting" bytes spent on local connections. so
we can bandwidthrate but still have fast downloads.
N . Clean and future-proof exit policy formats a bit.
diff --git a/doc/tor.1.in b/doc/tor.1.in
index 4b61025b1b..2ffbc9e175 100644
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -61,7 +61,7 @@ Windows since that platform lacks getrlimit(). (Default: 1024)
.LP
.TP
\fBControlPort \fR\fIPort\fP
-If set, Tor will accept connections from the same machine (localhost only) on
+If set, Tor will accept connections on
this port, and allow those connections to control the Tor process using the
Tor Control Protocol (described in control-spec.txt). Note: unless you also
specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP,
@@ -69,6 +69,14 @@ setting this option will cause Tor to allow any process on the local host to
control it.
.LP
.TP
+\fBControlListenAddress \fR\fIIP\fR[:\fIPORT\fR]\fP
+Bind the controller listener to this address. If you specify a port,
+bind to this port rather than the one specified in ControlPort. We
+strongly recommend that you leave this alone unless you know what you're
+doing, since giving attackers access to your control listener is really
+dangerous. (Default: 127.0.0.1)
+.LP
+.TP
\fBHashedControlPassword \fR\fIhashed_password\fP
Don't allow any connections on the control port except when the other process
knows the password whose one-way hash is \fIhashed_password\fP. You can