
Re: [tor-bugs] #4303 [Company]: Tor controllers should check the length of authentication-cookie files



#4303: Tor controllers should check the length of authentication-cookie files
---------------------+------------------------------------------------------
 Reporter:  rransom  |          Owner:  phobos
     Type:  defect   |         Status:  new   
 Priority:  major    |      Milestone:        
Component:  Company  |        Version:        
 Keywords:           |         Parent:        
   Points:           |   Actualpoints:        
---------------------+------------------------------------------------------
Changes (by karsten):

  * type:  project => defect


Old description:

> Right now, our Tor controllers will send any file readable by the user to
> whatever is listening to the control port they try to connect to (usually
> 127.0.0.1:9051).  This sucks.  They should only send any file that is
> exactly 32 bytes long and readable by the user to whatever is listening
> on that port.  (Hopefully no one stores AES-256, Salsa20, or Curve25519
> secret keys (or other actually sensitive pieces of data) in raw 32-byte
> binary files.)
>
> Marking this as a "task", not a "defect", so it'll get a child ticket
> list.

New description:

 Right now, our Tor controllers will send any file readable by the user to
 whatever is listening to the control port they try to connect to (usually
 127.0.0.1:9051).  This sucks.  They should only send any file that is
 exactly 32 bytes long and readable by the user to whatever is listening on
 that port.  (Hopefully no one stores AES-256, Salsa20, or Curve25519
 secret keys (or other actually sensitive pieces of data) in raw 32-byte
 binary files.)

 [[TicketQuery(parent=#4303,format=table,col=summary|owner)]]

--

Comment:

 Changed ticket type to defect and added child ticket list to the
 description.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4303#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
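
The length check the ticket asks for, as an added example that is not taken from the ticket or from any Tor controller's code. It goes slightly beyond the ticket by also refusing non-regular files and by checking the opened descriptor rather than the path; `read_auth_cookie`, `authenticate_command`, `CookieError` and the sample files in `demo` are hypothetical names and constructed data.

```python
import os
import stat
import tempfile

COOKIE_LEN = 32  # the only cookie-file length the ticket says a controller may send
# O_NONBLOCK: opening a FIFO cannot hang; O_BINARY: no newline translation on Windows
_FLAGS = os.O_RDONLY | getattr(os, "O_NONBLOCK", 0) | getattr(os, "O_BINARY", 0)

class CookieError(Exception):
    """Raised when a candidate cookie file must not be sent to the control port."""

def read_auth_cookie(path):
    """Return exactly 32 cookie bytes, or raise CookieError without returning file data."""
    try:
        fd = os.open(path, _FLAGS)
    except OSError as e:
        raise CookieError("cannot open: %s" % e.strerror)
    try:
        st = os.fstat(fd)  # stat the open descriptor so the path cannot be swapped afterwards
        if not stat.S_ISREG(st.st_mode):
            raise CookieError("not a regular file")
        if st.st_size != COOKIE_LEN:
            raise CookieError("size is %d, expected %d" % (st.st_size, COOKIE_LEN))
        data = os.read(fd, COOKIE_LEN + 1)  # the extra byte detects growth after fstat
    finally:
        os.close(fd)
    if len(data) != COOKIE_LEN:
        raise CookieError("file changed while reading")
    return data

def authenticate_command(path):
    """Build the control-port AUTHENTICATE line only when the cookie file is valid."""
    return "AUTHENTICATE %s\r\n" % read_auth_cookie(path).hex()

def demo():
    """Run the check over constructed files: a 32-byte cookie, a 64-byte file, an empty file."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, size in (("cookie", 32), ("other_secret", 64), ("empty", 0)):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(b"\xab" * size)
            try:
                out[name] = authenticate_command(p)
            except CookieError as e:
                out[name] = "refused: %s" % e
    return out
```

As the description itself notes, a length check still passes any other file that happens to be exactly 32 bytes.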