[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18517 [Tor Browser]: meek is broken in Tor Browser 6.0a3

Subject: Re: [tor-bugs] #18517 [Tor Browser]: meek is broken in Tor Browser 6.0a3
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 19 Mar 2016 23:46:22 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 19 Mar 2016 19:46:32 -0400
In-reply-to: <042.e5faf76d672a6df2ef3daf51f2b9e2b2@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.e5faf76d672a6df2ef3daf51f2b9e2b2@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18517: meek is broken in Tor Browser 6.0a3
-------------------------+--------------------------
 Reporter:  gk           |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  Very High    |      Milestone:
Component:  Tor Browser  |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:  regression   |  Actual Points:
Parent ID:               |         Points:
 Reviewer:               |        Sponsor:  None
-------------------------+--------------------------
Changes (by teor):

 * component:  Tor => Tor Browser
 * priority:  Medium => Very High
 * keywords:  must-fix-before-028-rc, regression => regression
 * version:  Tor: 0.2.8.1-alpha =>
 * milestone:  Tor: 0.2.8.x-final =>
 * owner:   => tbb-team


Comment:

 I think this is a Tor Browser issue and we should adopt dcf's workaround
 of changing the dummy IP addresses to publicly routable IP addresses.

 Tor is correctly checking for internal addresses and refusing to build
 circuits to them. This is a bugfix on #17674 and #8976. Tor can't make an
 exception for Tor Browser's sentinel addresses, without also allowing
 relays and hidden services to mistakenly connect to those addresses. This
 would open up the same attack vector we're trying to fix here.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18517#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #18517 [Tor]: meek is broken in Tor Browser 6.0a3
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #18580 [Tor]: exit relay fails with 'unbound' DNS resolver when lots of requests time-out
Next by Author: Re: [tor-bugs] #18318 [Tor]: Make sure keys and IP:Ports are unique in a consensus
Previous by thread: Re: [tor-bugs] #18517 [Tor]: meek is broken in Tor Browser 6.0a3
Next by thread: Re: [tor-bugs] #18517 [Tor Browser]: meek is broken in Tor Browser 6.0a3
Index(es):
- Author
- Thread