Commit 53fbe024 authored by Damian Johnson

Retrieve connection information despite DisableDebuggerAttachment

For years tor's DisableDebuggerAttachment has been the bane of nyx. The feature
wasn't intended to affect us, but screws with proc permissions, breaking every
connection resolver we have...

  https://trac.torproject.org/projects/tor/ticket/15259

Currently we read /proc/<pid>/fd to get connection inodes, then use that to
determine what from /proc/net/tcp belongs to our process. Tor's
DisableDebuggerAttachment breaks that by making /proc/<pid>/fd only readable by
root. However, even without knowing the inodes we can identify tor-related
connections by whether they go to a relay or our ORPort/DirPort/ControlPort.
This is exactly what nyx already does to identify a connection's type.

TL;DR. Connection resolution works all the time now. Only drawbacks are...

* Connection resolution can't work until we have consensus information. This
  can take a few seconds so we don't show connections right away.

* When resolving this way we can't show client or exit connections. Nyx
  already scrubbed these so it's not a big loss, but means we now don't even
  show that they exist.

If the user sets 'DisableDebuggerAttachment 0' in their torrc we still do
connection resolution via the normal method.
parent ff84e0da
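
The inode-free approach the commit message describes, as an added sketch that is not nyx's or stem's own code: it parses /proc/net/tcp and keeps only established connections whose local port is one of our ports or whose remote endpoint is a known relay. The function names, the sample table, the port numbers and the relay entry are all constructed for illustration, and the address decoding assumes a little-endian host.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (inode values are made up).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:2329 00000000:0000 0A 00000000:00000000 00:00000000 00000000   107        0 41000
   1: 0200000A:2329 057100CB:C350 01 00000000:00000000 00:00000000 00000000   107        0 41001
   2: 0200000A:9C40 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000   107        0 41002
   3: 0200000A:9C42 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 41003
   4: 0100007F:235B 0100007F:AFC8 01 00000000:00000000 00:00000000 00000000   107        0 41004
"""

ESTABLISHED = '01'  # TCP state code used in /proc/net/tcp


def decode_endpoint(field):
    """Turn '0100007F:235B' into ('127.0.0.1', 9051); assumes a little-endian host."""
    addr_hex, port_hex = field.split(':')
    address = socket.inet_ntoa(struct.pack('<I', int(addr_hex, 16)))
    return address, int(port_hex, 16)


def tor_connections(proc_net_tcp, our_ports, relay_endpoints):
    """Return [(kind, local, remote)] for established connections attributable to tor.

    our_ports: {port: label} for our ORPort/DirPort/ControlPort.
    relay_endpoints: set of (address, port) pairs taken from the consensus.
    """
    results = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != ESTABLISHED:
            continue  # listeners and half-open sockets are not connections
        local, remote = decode_endpoint(fields[1]), decode_endpoint(fields[2])
        if local[1] in our_ports:
            results.append((our_ports[local[1]], local, remote))
        elif remote in relay_endpoints:
            results.append(('relay', local, remote))
        # Anything else cannot be tied to tor without inodes, so it is dropped.
        # This is why client and exit connections no longer show up at all.
    return results


if __name__ == '__main__':
    ports = {9001: 'ORPort', 9051: 'ControlPort'}
    relays = {('192.0.2.10', 443)}  # constructed consensus entry
    for kind, local, remote in tor_connections(SAMPLE_PROC_NET_TCP, ports, relays):
        print('%-11s %s:%d -> %s:%d' % ((kind,) + local + remote))
```

Row 3 of the sample goes to an address that is not in the relay set, so it is filtered out even though it could belong to tor; with an empty relay set (no consensus yet) only the port-based matches survive.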