
[tor-bugs] #8369 [Tor]: Option to limit information Tor's control port discloses

#8369: Option to limit information Tor's control port discloses
-------------------------+--------------------------------------------------
 Reporter:  proper       |          Owner:                    
     Type:  enhancement  |         Status:  new               
 Priority:  normal       |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor          |        Version:                    
 Keywords:               |         Parent:                    
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------
 Currently getinfo address spills the external IP address, which could
 jeopardize the user's anonymity in certain use cases.

 Please add an option to torrc (ControlLockdown or so) to leave such
 requests unanswered if activated.

 Use cases:

  * One goal of a
 [https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
 Transparent Proxy] (Isolating Middlebox) or an
 [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IsolatingProxy
 Isolating Proxy] is to strengthen proxy obedience. In essence the idea
 is that the operating system is not aware of its own external IP address
 and can therefore not spill it, because Tor is running on a separate
 machine. At the moment such setups have the disadvantage that they must
 forbid access to Tor's control port - because the control port could spill
 the IP. Users can therefore not use the "New identity" feature of
 TorButton and will in future be unable to use other improvements such as
 #3059 ("Adapt browser time based on tor's notion of clock skew...").
  * Building a
 [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/BridgeFirewall
 Bridge Firewall] is impossible because of lack of this lock down feature.

 There may be other features similar to "getinfo address" in the Tor
 control protocol, which could be potentially harmful. I haven't looked
 yet. If this feature gets accepted (as in "we could imagine adding such
 an option"), we (and I of course as well) could look for other things in
 the control protocol, which are potentially harmful for anonymity.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8369>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
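The lockdown the ticket asks for can also be enforced outside Tor, as a filter sitting between the client and the real control port. The following is an added example written for this page; it is not Tor's code, not a feature Tor shipped, and not something the reporter posted. The allow-lists, the function names and the "510 Command filtered" reply are this example's own choices (the reply is deliberate: refusing with an error rather than staying silent, as the ticket suggests, keeps clients such as TorButton from hanging on a request that will never be answered). The sample reply text fed in by the session helper is constructed. The allow-list is illustrative only: other GETINFO keys, such as those returning circuit or consensus data, can be just as revealing as "address" and should be audited before being allowed through.

```python
"""Control-port lockdown filter (added example, not Tor's code).

Tor's control protocol is line based: the client sends one CRLF-terminated
command per line; Tor answers with one or more lines that start with a
three-digit status code, the final line having a space after the code
("250 OK") and continuation lines a "-" or "+" ("250-version=...").
"""
import io
from typing import Optional, Tuple

# Commands the client may always send (needed to open and close a session).
ALLOWED_COMMANDS = {"PROTOCOLINFO", "AUTHENTICATE", "QUIT"}
# SIGNAL arguments allowed through (NEWNYM is what "New identity" needs).
ALLOWED_SIGNALS = {"NEWNYM"}
# GETINFO keys that do not reveal the external address or the circuit path
# (hypothetical policy for this example; "address" is deliberately absent).
ALLOWED_GETINFO_KEYS = {"version", "status/bootstrap-phase",
                        "status/circuit-established"}

DENY_REPLY = "510 Command filtered\r\n"  # reply text chosen for this example


def filter_command(line: str) -> Tuple[bool, Optional[str]]:
    """Decide what to do with one client line.

    Returns (forward, reply): forward=True means pass the line to Tor
    unchanged; otherwise 'reply' is sent back to the client and Tor never
    sees the request.
    """
    parts = line.rstrip("\r\n").split()
    if not parts:
        return False, DENY_REPLY
    cmd, args = parts[0].upper(), parts[1:]
    if cmd in ALLOWED_COMMANDS:
        return True, None
    if cmd == "SIGNAL":
        ok = len(args) == 1 and args[0].upper() in ALLOWED_SIGNALS
        return (True, None) if ok else (False, DENY_REPLY)
    if cmd == "GETINFO":
        # One GETINFO may carry several keys; every key must be allowed,
        # so "GETINFO version address" is refused as a whole.
        ok = bool(args) and all(k.lower() in ALLOWED_GETINFO_KEYS for k in args)
        return (True, None) if ok else (False, DENY_REPLY)
    # SETCONF, GETCONF, MAPADDRESS, SETEVENTS, ...: denied by default.
    return False, DENY_REPLY


def read_reply(tor_in) -> str:
    """Read one complete reply from Tor: lines up to the final 'NNN ' line."""
    out = []
    while True:
        ln = tor_in.readline()
        if not ln:  # connection closed mid-reply
            break
        out.append(ln)
        if len(ln) >= 4 and ln[:3].isdigit() and ln[3] == " ":
            break
    return "".join(out)


def relay_one_command(client_in, client_out, tor_in, tor_out) -> bool:
    """Proxy a single request/reply pair through the filter.

    The four arguments are text streams (socket.makefile() objects in a
    real deployment, io.StringIO in tests). Returns False once the client
    has hung up.
    """
    line = client_in.readline()
    if not line:
        return False
    forward, reply = filter_command(line)
    if forward:
        tor_out.write(line)
        tor_out.flush()
        client_out.write(read_reply(tor_in))
    else:
        client_out.write(reply)
    client_out.flush()
    return True


def run_session(client_script: str, tor_replies: str) -> Tuple[str, str]:
    """Drive relay_one_command over in-memory streams (demo/test helper).

    'tor_replies' is a constructed stand-in for what Tor would answer to
    the forwarded commands. Returns (text Tor received, text client got).
    """
    client_in, client_out = io.StringIO(client_script), io.StringIO()
    tor_in, tor_out = io.StringIO(tor_replies), io.StringIO()
    while relay_one_command(client_in, client_out, tor_in, tor_out):
        pass
    return tor_out.getvalue(), client_out.getvalue()
```

Because SETEVENTS is refused, Tor never emits unsolicited "650" event lines on the filtered connection, so the strict one-request/one-reply pairing in relay_one_command holds. The end-of-reply test in read_reply is the protocol's own rule (status code followed by a space); a "250+" data reply whose payload happened to contain a line starting with three digits and a space would be cut short, which is acceptable for the allowed keys here but worth remembering if the allow-list grows.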