[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #6359 [Applications/TorBirdy]: make use of stream isolation



#6359: make use of stream isolation
-----------------------------------+-------------------------
 Reporter:  proper                 |          Owner:  ioerror
     Type:  defect                 |         Status:  closed
 Priority:  Medium                 |      Milestone:
Component:  Applications/TorBirdy  |        Version:
 Severity:  Normal                 |     Resolution:  wontfix
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+-------------------------
Changes (by adrelanos):

 * severity:   => Normal


Comment:

 Replying to [comment:3 tagnaq]:
 > Replying to [ticket:6359 proper]:
 > > TorBirdy should not use the same circuit that any other torified
 applications may use.
 >
 > Although that is an adorable goal I wouldn't know of a way that
 application A can prevent application B from using the same
 Socks/TransparentPort or same SOCKS auth. cred.
 >
 > We can try but TorBirdy probably can't guarantee that nobody else is
 using the same stream.

 No need to guarantee that, which is not possible indeed. However, TorBirdy
 using {{{socks 127.0.0.1:9150}}} while another application is using the
 same {{{socks 127.0.0.1:9150}}} is bad. Not that unlikely, since it is the
 default TBB socks port that users and other applications tend to re-use.

 I suggest TorBirdy should use {{{socks 127.0.0.1:9150 with socks auth
 TorBirdy_<small random string>}}}. Then it would be stream isolated from
 another arbitrary application using plain {{{socks 127.0.0.1:9150}}}.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6359#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs