[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10839 [Firefox Patch Issues]: Block 127.0.0.0/8, RFC1918, and others ranges (for Non-Tor SOCKS proxies)



#10839: Block 127.0.0.0/8, RFC1918, and others ranges (for Non-Tor SOCKS proxies)
--------------------------------------+-----------------------
     Reporter:  cypherpunks           |      Owner:  mikeperry
         Type:  defect                |     Status:  new
     Priority:  normal                |  Milestone:
    Component:  Firefox Patch Issues  |    Version:
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+-----------------------

Comment (by oc):

 Sending 127.0.0.1 requests to Tor was a quick fix for #10419 in a
 ''default TBB context''. Everything is now sent to the Tor proxy, which by
 default filters out private IP address ranges defined in
 `tor_addr_is_internal_()` (unless you have manually unset the
 `ClientRejectInternalAddresses` config flag).
 This was by far the biggest threat, as I believe the Tor browser is mainly
 used as a TBB component (not as a standalone app).

 It sure isn't the best fix ever, though:
 * It is not a good fix if you use the Tor browser with another random
 proxy.
 * It is not a good fix if you use it with the Tor proxy and unset
 `ClientRejectInternalAddresses` (your localhost requests will be forwarded
 on the network).
 * It is not a good fix even if you keep this flag set: localhost becomes
 unreachable (as every other "internal" address).

 The right fix for #10419 is ''not'' to block localhost, as you propose:
 ''localhost is not a threat''.
 At least, blocking localhost in a TBB context makes some sense: TBB is not
 designed to browse localhost. In a standalone Tor browser context though,
 blocking localhost does not make sense. Thus blocking it is yet another
 quick fix to avoid the ''real'' threat: `localhost <-> !localhost`
 communication of any kind.

 Therefore, if you're really eager to fix this properly, you should submit
 a Tor browser patch that allows to browse localhost without leaking
 requests on the wire, and to browse other web pages without leaking
 requests to localhost in any way (XHR, HTML tags, ''etc'').
 In other words, something like the ABE rule sets presented in #10419, if
 they worked as intended. My guess is: the path to make them work starts
 with addressing #10854.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10839#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs