[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Any risks with another application using Tor's SOCKS 5 interface?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Any risks with another application using Tor's SOCKS 5 interface?
From: James Marshall <james@xxxxxxxxxxxxx>
Date: Wed, 4 Dec 2013 10:57:36 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 04 Dec 2013 14:11:17 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=JHfKvnwFK69GGTfInG3WAI+HIeSbMlm108+GQoCp5WI=; b=LwFlrCtWtU+JFlT7oK6tSAnv1HUGHRv3A722hQbIeHrNdhuYiA9WDs+SWHsFqHwZaO +akEzji27LtRB/ZJ+OMMLJGEcgHLParp31D/Nt94TBHc+0d7RRxdbHRxerf0L8muDcSr 7lim3XQY3TrY8noqj+OE6TniEWLCwzE46qhDLWeHtUPPpMpyDvrhebr8Ls4FgUQ+TrHV t+ES/I5R2xf8EIOSGv7xjl23Oun/Vm501dMMFzKHcaoPOHpD0fw8dHDVOOHPgkRLdoQq Wi7X/qcnbxmuQLtfLDax5s1AhcnT5sPnRxIMnCxUnr7V3JBeVr2NliO6yPlEiLpYmzM7 ColA==
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

I asked this before but didn't get a response:

Is there any risk with another local application using Tor's SOCKS 5
interface?  I heard a vague comment that it wasn't recommended, but I
haven't heard exactly what the risks are, if any.

This is for CGIProxy, which can use SOCKS 5 to provide a clientless
front-end to the Tor network (clientless in the sense that it doesn't
require an installation on the browsing machine).  This could significantly
increase the potential user base of Tor, since many users can't or don't
want to install anything on their browsing machine.

SOCKS 5 is insecure if the client and server are on different hosts and
GSSAPI isn't used, but are there any problems if they're on the same host?

If there are no risks to doing this, then perhaps it should not be
discouraged?

Thanks a lot!  Links to previous discussions welcome.  I'm curious about
even small potential risks, including any in using CGIProxy.  If I don't
hear any response this time, I'll assume it's safe to use Tor like this.

Cheers,
James
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Any risks with another application using Tor's SOCKS 5 interface?
  - From: /dev/ph0b0s
- Re: [tor-talk] Any risks with another application using Tor's SOCKS 5 interface?
  - From: Moritz Bartl
- Re: [tor-talk] Any risks with another application using Tor's SOCKS 5 interface?
  - From: Roman Mamedov

Prev by Author: Re: [tor-talk] $50k Access Innovation Prize for Endpoint Security
Next by Author: Re: [tor-talk] Any risks with another application using Tor's SOCKS 5 interface?
Previous by thread: [tor-talk] Tor Weekly News â December 4th, 2013
Next by thread: Re: [tor-talk] Any risks with another application using Tor's SOCKS 5 interface?
Index(es):
- Author
- Thread