
ExitPolicy questions



     I have two questions regarding the torrc.sample file distributed in the
tor tar files and other package formats.

	1) Given the recent tor controller port security problem, why does
	the sample torrc not contain "ExitPolicy reject *:9051"?  Granted,
	that would only cover one access route and not even that if a server's
	ControlPort were changed to something else.  But it just seems like
	an obvious thing to do to reduce the hazards.  I've added it to my
	torrc.

	2) "ExitPolicyRejectPrivate 1" rejects 127.0.0.0/8, among others.  Why
	doesn't it then also reject 14.0.0.0/8, which is the alternate set of
	"localhost" addresses?  It is true that the only operating systems I
	have seen use 14.0.0.1 for localhost were IBM mainframe operating
	systems, but the 14.0.0.0/8 address space ought nevertheless to be
	rejected if the 127.0.0.0/8 is rejected.  This one I added to my torrc
	a long time ago when I added "ExitPolicyRejectPrivate 1".

I have not looked at the tor source to find out what is hard-coded into the
default ExitPolicy, but if the two items above are not in the default, it
seems like they should be.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
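
Added example, not part of the original message and not Tor's own code: a small audit of a torrc's explicit ExitPolicy lines that checks the caveat raised in question 1, namely that "reject *:9051" stops helping once ControlPort is moved. It is a simplified first-match model (IPv4 only, explicit rules only, no built-in defaults); the sample torrc, the 14.0.0.0/8 rule line, the probe address 192.0.2.1 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample torrc (not from the post or from torrc.sample).
SAMPLE_TORRC = """\
ControlPort 9151
ExitPolicy reject *:9051
ExitPolicy reject 14.0.0.0/8:*
ExitPolicy accept *:80,accept *:443
ExitPolicy accept *:9100-9200   # constructed range that happens to span 9151
ExitPolicy reject *:*
"""

def parse_torrc(text):
    """Return (numeric ControlPort or None, ExitPolicy rules in file order)."""
    control_port, rules = None, []
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(" ")
        if key.lower() == "controlport" and value.strip().isdigit():
            control_port = int(value)
        elif key.lower() == "exitpolicy":
            for item in value.split(","):
                action, pattern = item.split()
                addr, _, ports = pattern.partition(":")
                rules.append((action, addr, ports or "*"))
    return control_port, rules

def decision(rules, ip, port):
    """First matching rule wins; None means no listed rule matched."""
    for action, addr, ports in rules:
        lo, _, hi = ports.partition("-")
        addr_ok = addr == "*" or (
            ipaddress.ip_address(ip) in ipaddress.ip_network(addr, strict=False))
        port_ok = ports == "*" or int(lo) <= port <= int(hi or lo)
        if addr_ok and port_ok:
            return action
    return None

def control_port_exposed(text, probe_ip="192.0.2.1"):
    """True if the listed rules accept exits to the configured ControlPort number."""
    control_port, rules = parse_torrc(text)
    return control_port is not None and decision(rules, probe_ip, control_port) == "accept"

if __name__ == "__main__":
    port, rules = parse_torrc(SAMPLE_TORRC)
    print("ControlPort:", port)
    print("exit to *:%d ->" % port, decision(rules, "192.0.2.1", port))
    print("exit to 14.0.0.1:80 ->", decision(rules, "14.0.0.1", 80))
    print("ControlPort reachable via exit policy:", control_port_exposed(SAMPLE_TORRC))
```

In the sample, the fixed rule for port 9051 is present but the relay's ControlPort is 9151, so the audit flags it; deriving the rejected port from the ControlPort line is what closes that gap.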