
Re: [tor-bugs] #5011 [Pluggable transport]: Discuss possible designs for an external program that discovers bridge addresses to tell Tor about them



#5011: Discuss possible designs for an external program that discovers bridge
addresses to tell Tor about them
---------------------------------+------------------------------------------
 Reporter:  karsten              |          Owner:  mikeperry
     Type:  task                 |         Status:  new      
 Priority:  normal               |      Milestone:           
Component:  Pluggable transport  |        Version:           
 Keywords:  MikePerry201203      |         Parent:  #5010    
   Points:                       |   Actualpoints:           
---------------------------------+------------------------------------------

Comment(by mikeperry):

 Replying to [comment:11 nickm]:
 > That sounds initially plausible to me.  I wonder about the
 > unauthenticated aspect of the "dumb IPC" attribute, though.  Historically,
 > every security feature on control ports turned out to be necessary, and
 > then some.  If an attacker can remotely inject hostile bridges, they could
 > use that to deanonymize a user.

 Yeah, I was sweeping this under the "robust to arbitrary input" rug. I was
 thinking that the main risk exposure was that anything automatic could
 happen at all. That's why I tried to make sure the confirmation request
 came from Vidalia/Orbot...

 > So it's important to make sure that this kind of attack won't work.

 Yeah, you're right. For best practice, BridgeFinder should create a way
 for BridgeFinderHelper to authenticate. I was hoping not to have to solve
 that... What's the best option? Some sort of filesystem-based cookie
 authentication? BridgeFinder's simple control port barfs a file path for
 BridgeFinderHelper to read from? What about BridgeFinderHelpers that can't
 read arbitrary file paths? (I think Chrome extensions fall into this
 category).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5011#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
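
Added example, not part of the original message and not BridgeFinder's own code: one way the filesystem-based cookie authentication raised above could work, as a challenge-response so the cookie itself never crosses the IPC channel. The Finder class, prove(), the cookie file name and the "bridgefinder-auth" label are hypothetical, and the sketch assumes a helper that can read the cookie path, so it does not cover helpers that cannot read arbitrary files.

```python
import hashlib, hmac, os, secrets, tempfile

def write_cookie(path):
    """Create the cookie file, owner-readable only, and return its secret."""
    cookie = secrets.token_bytes(32)
    # O_EXCL fails if the path already exists, so a pre-planted file or
    # symlink is never reused; mode 0o600 keeps other local users out.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(cookie)
    return cookie

def prove(cookie, nonce):
    """HMAC over the server's nonce, keyed with the cookie (hypothetical scheme)."""
    return hmac.new(cookie, b"bridgefinder-auth" + nonce, hashlib.sha256).digest()

class Finder:
    """Hypothetical BridgeFinder side of the local IPC channel."""
    def __init__(self, cookie_path):
        self.cookie = write_cookie(cookie_path)
        self.nonce = None
        self.authed = False
        self.bridges = []

    def challenge(self):
        self.nonce = secrets.token_bytes(32)
        return self.nonce

    def authenticate(self, response):
        if self.nonce is None:          # no outstanding challenge
            return False
        expected = prove(self.cookie, self.nonce)
        self.nonce = None               # single use: a replayed response fails
        self.authed = hmac.compare_digest(expected, response)
        return self.authed

    def add_bridge(self, line):
        if not self.authed:             # refuse bridge lines from unknown peers
            raise PermissionError("unauthenticated peer")
        self.bridges.append(line)

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "bridgefinder.cookie")
        finder = Finder(path)
        guess = finder.authenticate(prove(b"\0" * 32, finder.challenge()))
        with open(path, "rb") as f:     # helper running as the same user
            good = finder.authenticate(prove(f.read(), finder.challenge()))
        finder.add_bridge("192.0.2.7:443")  # constructed sample address
        return guess, good, finder.bridges
```

A peer that cannot read the cookie file fails authentication, and every bridge line is rejected until a fresh challenge has been answered correctly.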