Re: [tor-bugs] #3076 [Tor Client]: Implement 'SocksPort auto' and 'ControlPort auto'
#3076: Implement 'SocksPort auto' and 'ControlPort auto'
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner:
Type: enhancement | Status: needs_review
Priority: major | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version:
Keywords: | Parent: #2264
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by nickm):
I think it is a problem. Two attacks here:
1) If the attacker can write to the file: The attacker overwrites the
listening port number before the controller reads the file. Now the
controller connects to the attacker instead. The attacker learns the
required AUTHENTICATE command, and now takes control of the Tor process.
2) If the attacker can only read from the file: The attacker reads the
listening port number, then either kills Tor, provokes it to crash, or
somehow gets into a situation where the file is still there but Tor is not
still listening on that port. Now the attacker binds to that port, and
waits for the controller to connect to it. The attacker learns the required
AUTHENTICATE command, and takes control of the Tor process when it
eventually restarts (assuming password authentication).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3076#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
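
A controller-side check against the first attack in the comment above, as an added example that is not part of the original post or of Tor's code: before trusting the port file, confirm that no other user could have written it. It does nothing for the second attack, where the file is genuine but stale. The function name, the `PORT=address:port` file format and the idea that Tor runs under a known uid are assumptions made for this sketch.

```python
import os
import stat
import tempfile

def read_port_file(path, trusted_uid):
    """Return (host, port) from path; raise if another user could have altered it."""
    # A directory writable by others lets them replace the file wholesale.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != trusted_uid or parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError("port file directory is writable by another user")
    # O_NOFOLLOW refuses a symlink planted at the expected path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        # fstat the open descriptor so the checks and the read see the same file.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("port file is not a regular file")
        if st.st_uid != trusted_uid:
            raise PermissionError("port file is not owned by the trusted uid")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("port file is group- or world-writable")
        line = os.read(fd, 128).decode("ascii").strip()
    finally:
        os.close(fd)
    # Assumed file format (not taken from the post): PORT=address:port
    if not line.startswith("PORT="):
        raise ValueError("unexpected port file contents")
    host, _, port = line[len("PORT="):].rpartition(":")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("invalid address or port")
    return host, int(port)

if __name__ == "__main__":
    # Constructed sample: a private directory holding a port file.
    d = tempfile.mkdtemp()
    p = os.path.join(d, "control-port")
    with open(p, "w") as f:
        f.write("PORT=127.0.0.1:9051\n")
    os.chmod(p, 0o600)
    print(read_port_file(p, os.getuid()))
    os.chmod(p, 0o666)  # simulate a file that other users can overwrite
    try:
        read_port_file(p, os.getuid())
    except PermissionError as e:
        print("rejected:", e)
```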