[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #4303 [Company]: Tor controllers should check the length of authentication-cookie files

To: undisclosed-recipients:;
Subject: [tor-bugs] #4303 [Company]: Tor controllers should check the length of authentication-cookie files
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Tue, 25 Oct 2011 21:47:02 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 25 Oct 2011 17:47:15 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#4303: Tor controllers should check the length of authentication-cookie files
---------------------+------------------------------------------------------
 Reporter:  rransom  |          Owner:  phobos
     Type:  task     |         Status:  new   
 Priority:  major    |      Milestone:        
Component:  Company  |        Version:        
 Keywords:           |         Parent:        
   Points:           |   Actualpoints:        
---------------------+------------------------------------------------------
 Right now, our Tor controllers will send any file readable by the user to
 whatever is listening to the control port they try to connect to (usually
 127.0.0.1:9051).  This sucks.  They should only send any file that is
 exactly 32 bytes long and readable by the user to whatever is listening on
 that port.  (Hopefully no one stores AES-256, Salsa20, or Curve25519
 secret keys (or other actually sensitive pieces of data) in raw 32-byte
 binary files.)

 Marking this as a âtaskâ, not a âdefectâ, so it'll get a child ticket
 list.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4303>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #4303 [Company]: Tor controllers should check the length of authentication-cookie files
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #4303 [Company]: Tor controllers should check the length of authentication-cookie files
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #4303 [Company]: Tor controllers should check the length of authentication-cookie files
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #4294 [Tor Relay]: Add percentiles of bridge descriptor downloads by fingerprint to served-descs-stats
Next by Author: [tor-bugs] #4304 [Vidalia]: Vidalia should check the length of authentication-cookie files
Previous by thread: Re: [tor-bugs] #4302 [EFF-HTTPS Everywhere]: Enabling GoogleServices but not Google Search sometimes breaks results links
Next by thread: Re: [tor-bugs] #4303 [Company]: Tor controllers should check the length of authentication-cookie files
Index(es):
- Author
- Thread