
From:
Stuart Henderson <stu@spacehopper.org>
Subject:
Re: Fixes and improvements for the net/i2pd port
To:
openbsd@systemfailure.net
Cc:
David Uhden Collado <david@uhden.dev>, ports@openbsd.org
Date:
Wed, 14 Jan 2026 22:23:23 +0000

On 2026/01/14 21:50, openbsd@systemfailure.net wrote:
> You're right that other ports like net/tor have patches like that. But is this a good enough reason to just copy and paste? My point was that there's no *practical* benefit to set i2pd's working directory as /var/i2pd instead of /var/lib/i2pd. On the contrary, there's a potential drawback, also on the practical level: the risk of confusing some users. The trade-off here is style and consistency on the one side vs. practicality on the other.

/var/lib isn't very openbsd-ish, is only used by 3 ports, and IIRC
there's a backburner proposal to symlink /var/lib -> /var/db if we
can figure out how to get things moved out the way without breaking
updates too badly. So if we can get these files moved it would be a
good step on the way to that.

> You're right that the web interface definitely adds some attack surface. But what's the threat model exactly? The web interface allows "any user on the system", let's say a malicious user, to shut down the daemon, namely enables a denial-of-service attack. This malicious user could also access private information, like your router identity or the B32 addresses of your tunnels. That's probably what you mean by "deanonymizing you"... But bear in mind that "any user on the system" can easily get the machine's IP address anyway, which is usually what you want to conceal. And even with the web interface disabled, any local user could also access i2pd's configuration files, which are world-readable by default and can include some private information (encrypted LeaseSets keys in /etc/i2pd/tunnels.conf for example).

That sounds like a good argument to use mode 750 for /etc/i2pd..

> On the other hand, the web interface can be very useful to control and monitor the i2pd daemon. It's impossible to know what proportion of i2pd users rely on this feature, but my guess is that it is widely used, hence the i2pd developers enabled it by default.
> 
> In any case, we can also add a note to the README warning users about the risks associated with the web interface.

OpenBSD policy would usually be to disable potentially risky things
by default and let people enable them if they want rather than hope
they actually read pkg-readme (a lot of users seem not to).
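As an added illustration of the two local-user exposures discussed in this thread (a world-readable config directory and the web console being enabled), here is a small audit script that is not from the thread or from the i2pd port. It assumes an ini-style i2pd.conf with an [http] section carrying an "enabled = true|false" key; the directory it inspects is whatever the caller passes, and the demo at the bottom builds a constructed config tree under a temp dir rather than touching /etc/i2pd.

```shell
#!/bin/sh
# Added example, not code from the thread or the i2pd port. Audits an
# i2pd config directory for (1) permissions looser than 750 and (2) an
# enabled [http] web console. The "[http]" / "enabled" keys are an
# assumption about i2pd.conf's layout.

# other_bits DIR -> prints the "other" permission triplet, e.g. "r-x" or "---"
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# dir_world_accessible DIR -> exit 0 if any "other" bit is set (looser than 750)
dir_world_accessible() {
    case $(other_bits "$1") in
        ---) return 1 ;;
        *)   return 0 ;;
    esac
}

# http_enabled CONF -> exit 0 if the [http] section has an uncommented enabled = true
http_enabled() {
    awk -F'=' '
        # section header: strip brackets and whitespace, remember the name
        /^[ \t]*\[/ { sec = $0; gsub(/\[|\]|[ \t]/, "", sec); next }
        # only an uncommented "enabled" key inside [http] counts; last one wins
        sec == "http" && $1 ~ /^[ \t]*enabled[ \t]*$/ {
            v = $2; gsub(/[ \t]/, "", v)
            found = (v == "true")
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# audit_i2pd DIR -> prints findings, returns the number of findings (0 = clean)
audit_i2pd() {
    dir=$1; n=0
    if dir_world_accessible "$dir"; then
        echo "WARN: $dir readable by other users (other=$(other_bits "$dir")); consider mode 750"
        n=$((n + 1))
    fi
    if [ -f "$dir/i2pd.conf" ] && http_enabled "$dir/i2pd.conf"; then
        echo "WARN: web console enabled in $dir/i2pd.conf; any local user can stop the router or read its identity"
        n=$((n + 1))
    fi
    return $n
}

# make_sample DIR MODE ENABLED -> constructed config tree for demonstration only
make_sample() {
    mkdir -p "$1"
    printf '[http]\n# enabled = true   (comment, must be ignored)\nenabled = %s\naddress = 127.0.0.1\n' \
        "$3" > "$1/i2pd.conf"
    chmod "$2" "$1"
}

# Stand-alone demo on a constructed tree, never on the real /etc/i2pd.
demo=$(mktemp -d)
make_sample "$demo/etc-i2pd" 755 true
audit_i2pd "$demo/etc-i2pd" || echo "findings: $?"
rm -rf "$demo"
```

Run it as-is to see both warnings against the constructed directory; to audit a real installation, call `audit_i2pd /etc/i2pd` and treat a non-zero return as the number of findings. The awk parser only honours an `enabled` key that sits under the `[http]` header and is not commented out, so the commented line in the sample does not produce a false positive.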