[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8117 [Tor]: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many apps

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #8117 [Tor]: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many apps
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 31 Jan 2013 15:37:28 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 31 Jan 2013 10:37:37 -0500
In-reply-to: <051.2610a42f101502c1d005f827e067099d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.2610a42f101502c1d005f827e067099d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#8117: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many
apps
----------------------------------+-----------------------------------------
 Reporter:  cypherpunks           |          Owner:                    
     Type:  defect                |         Status:  needs_review      
 Priority:  major                 |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor                   |        Version:  Tor: 0.2.3.25     
 Keywords:  tor-client isolation  |         Parent:                    
   Points:                        |   Actualpoints:                    
----------------------------------+-----------------------------------------
Changes (by nickm):

  * keywords:  => tor-client isolation
  * status:  new => needs_review


Comment:

 Agreed wrt priority and backportability.

 It looks easy enough to fix at first glance: answer "username/password" if
 the client offers it; otherwise answer "no auth".  I'm attaching a patch
 to do that.

 I'm a little worried that there could be a failure mode here where a
 user's application offers username/password authentication even though it
 doesn't know a username/password combination, and then responds to Tor's
 selecting username/password authentication by asking the user for a
 username and password.  If there are many apps like that, we'll need
 another fix here.

 This patch needs testing: first to ensure that username/password isolation
 is working with programs that behave like pidgin. And second, to make sure
 that the failure mode above doesn't occur when no username and password
 are configured.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8117#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #8117 [Tor]: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many apps
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #8117 [Tor]: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many apps
Next by Author: Re: [tor-bugs] #8117 [Tor]: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many apps
Previous by thread: [tor-bugs] #8117 [Tor]: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many apps
Next by thread: Re: [tor-bugs] #8117 [Tor]: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many apps
Index(es):
- Author
- Thread