[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16934 [Torsocks]: youtube-dl (recent), torsocks 2.1.0 and TBB5+ failure



#16934: youtube-dl (recent), torsocks 2.1.0 and TBB5+ failure
-----------------------+-------------------------
 Reporter:  sponville  |          Owner:  dgoulet
     Type:  defect     |         Status:  new
 Priority:  Medium     |      Milestone:
Component:  Torsocks   |        Version:
 Severity:  Normal     |     Resolution:
 Keywords:             |  Actual Points:
Parent ID:             |         Points:
  Sponsor:             |
-----------------------+-------------------------

Comment (by cypherpunks):

 This seems to be a design flaw in the "SOCKS5_CMD_RESOLVE" command.
 Specifically, it appears that the client sends such a command containing
 the hostname to be resolved, but has no way of specifying whether it
 expects an IPv4 address or an IPv6 address in response - and tor sends
 back whichever address type it feels like using.

 Correct me if I'm wrong, but the "RESOLVE" command seems to be a Tor-
 specific thing, not a standard part of the SOCKS5 protocol.  Wouldn't it
 be better to limit "RESOLVE" to returning IPv4 addresses (the only type
 that torsocks can currently understand, AFAICT), and add separate
 "RESOLVE_V6" or "RESOLVE_V4_OR_V6" commands for the benefit of future
 clients?

 With that said, the other option that comes to mind is for torsocks to do
 away with real IP addresses altogether, and handle all DNS names by
 mapping them to fake addresses, the same way .onion names are currently
 handled.  Apart from perhaps wanting to allocate more than a /24 worth of
 fake addresses for this purpose, is there any reason this wouldn't work?

 As a practical matter, users might sometimes want to know the real IP
 address of the service they're connecting to, so maybe this would make
 sense as a torsocks configuration option.  But I think for most
 applications, the real IP address shouldn't matter, and there may be good
 reasons for the application *not* to know it (e.g., CDNs that use a
 different address depending on your exit node, or inadvertent leaks in
 applications not designed with privacy in mind.)

 As a quick fix, would it be adequate to simply replace 'if
 (utils_strcasecmpend(hostname, ".onion") == 0)' with 'if (1)' in
 torsocks.c?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16934#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs