[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #8976 [Tor]: rend_service_introduce() doesn't notice if the rendezvous point is on 127.0.0.1
#8976: rend_service_introduce() doesn't notice if the rendezvous point is on
127.0.0.1
--------------------+------------------------------------
Reporter: arma | Owner: teor
Type: defect | Status: closed
Priority: Medium | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.3.21-rc
Severity: Normal | Resolution: fixed
Keywords: tor-hs | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: SponsorR-must
--------------------+------------------------------------
Changes (by teor):
* keywords: tor-hs 027-backport => tor-hs
* status: needs_review => closed
* resolution: => fixed
Comment:
Replying to [comment:25 andrea]:
> Eh, backporting always does carry a small but non-zero risk of new bugs
in the old branch, though - it's trading off two different versions of
'safe' rather than a question of 'better safe than sorry'. I think my
preferred standard is something more like "plausibly exploitable, or fixes
a crash/assert/memory leak level bug"
Fair enough - you have more experience with this than I do.
By that standard, I can't see a plausible way to exploit this - the
rendezvous protocol already allows client-specified rendezvous points.
It's a slight waste of resources, but that's not important enough.
It's also worth noting that this has just been merged, so it's not
received much testing in the alpha series. So the risk of introducing an
unintentional bug is higher.
Closing as "don't backport".
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8976#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs