[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10682 [TorBrowserButton]: Disable update pings for Torbutton and Tor Launcher

Subject: Re: [tor-bugs] #10682 [TorBrowserButton]: Disable update pings for Torbutton and Tor Launcher
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 08 Feb 2014 18:12:47 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 08 Feb 2014 13:12:59 -0500
In-reply-to: <049.65e21b0fd2b5e93ef31eb2584dc13dc5@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.65e21b0fd2b5e93ef31eb2584dc13dc5@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10682: Disable update pings for Torbutton and Tor Launcher
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  mikeperry
  mikeperry              |     Status:  new
         Type:  defect   |  Milestone:
     Priority:           |    Version:
  critical               |   Keywords:  tbb-security, extdev-interview,
    Component:           |  MikePerry201401R
  TorBrowserButton       |  Parent ID:
   Resolution:           |
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mikeperry):

 Well, due to the fix for #10419, these requests are in fact broken. The
 browser will no longer connect to directly to 127.0.0.1, nor will
 connections to 127.0.0.1 be sent to the exit node, unless the user edits
 their torrc to set 'ExtendAllowPrivateAddresses 1' for some reason. So
 this should certainly be an improvement

 If you want defense in depth against people who reconfigure Tor/Firefox,
 we can also use a banned port too instead of 443, but this fix is already
 in 3.5.2, which we shouldn't delay any further without compelling reason
 because it contains security fixes for Firefox 24.3.0.

 Would you consider a banned port to be an improvement? If so, we can file
 a new ticket and I will commit that immediately for 3.5.3.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10682#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #10769 [Tor Weather]: write weathers emails to a file
Next by Author: Re: [tor-bugs] #6733 [Firefox Patch Issues]: Patch Firefox to allow addons to set SOCKS username+password per request
Previous by thread: Re: [tor-bugs] #10682 [TorBrowserButton]: Disable update pings for Torbutton and Tor Launcher
Next by thread: Re: [tor-bugs] #10682 [TorBrowserButton]: Disable update pings for Torbutton and Tor Launcher
Index(es):
- Author
- Thread