[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] [RELEASE] Torsocks 2.0.0-rc4

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] [RELEASE] Torsocks 2.0.0-rc4
From: Nick Mathewson <nickm@xxxxxxxxxxxx>
Date: Tue, 4 Mar 2014 10:30:40 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 04 Mar 2014 10:30:52 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=62Iy3xVNj4a+KXe2uKCDU9UZqGQ+exb1IfElDyk7rjs=; b=jU47Xz9Uyt6+QDs8/fGYrUCpq1ooHjxDNHrwOZMbq4AfjmDHIvYiBLpu1dfQAqBJN/ Cxy/d8NXHJ0fsbhnYLu6bs5w4NgXad30WCibN+cDO22mrsHxmpj4/OxPVE8fQQvDs2mB JM6pvIpTqMwWVLusgFqG+hUW3NqqJXwl8TENpjE2KNZA0gYujESZbBSVeLGXYuqCh2y/ QTATcCnqOL7K/WziYNLnLsXZAGV/vxkLt+yzKAnodkUGqb8YIFK3279qS4chSADFKq7n RUetdK3UeWRZa0X0A31335Pue17yS1EUnircNs1hW9tHo0LPtXfvxzq6VTNWcptDRXtk JTUQ==
In-reply-to: <20140304151351.GA7471@thessa>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <20140304022733.GA3987@dalia> <20140304092420.GA8961@loar> <CAKDKvuwhCiiZyL4B+c26FehyNDUnibx33emZoFdNK5E7kPM02g@xxxxxxxxxxxxxx> <20140304151351.GA7471@thessa>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On Tue, Mar 4, 2014 at 10:13 AM, David Goulet <dgoulet@xxxxxxxxx> wrote:
> On 04 Mar (08:36:13), Nick Mathewson wrote:
>> On Mar 4, 2014 4:26 AM, "Lunar" <lunar@xxxxxxxxxxxxxx> wrote:
>> >
>> > David Goulet:
>> > > After a big code review from Nick and help from a lot of people
>> > > contributing and testing, this is the release candidate 4 for the new
>> > > torsocks.
>> >
>> > I was about to push the new version to Debian experimental, but it just
>> > breaks my SSH configuration too badly.
>> >
>> > The new version forbids listen() and accept().
>> >
>> > That means that at least SSH options ControlMaster, LocalForward, and
>> > DynamicForward will not work. Being able to multiplex connections
>> > (ControlMaster) is pretty crucial to keep sanity when working over
>> > hidden services. Forwarding options allow a simple way to create to
>> > tunnel TCP connections to a remote system through SSH over Tor.
>> >
>> > I am not sure what is the right move here. Perhaps allowing listen on
>> > Unix sockets and localhost? Or maybe allowing listen() entirely?
>>
>> Those sound like good candidates for options. I think that listen-local is
>> probably safe*, but arbitrary listen is broken in enough use cases that it
>> should IMO be off by default.
>
> I agree here that this should not break the ssh -L. What I propose is an
> option that allows torsocks to accept inbound connection thus
> listen()/accept().
>
> An option in the configuration file and an environment variable also
> (which adds a command line option to torsocks as well). What about
> "AllowInbound" or "AllowListen" or "AcceptListen" that is off by
> default.

AllowInbound is probably okay, though still I think that "allow
inbound locally only" is a good idea.

(Could we implement that by checking getsockname() on the socket
before the call to listen(), to make sure that it was localhost or
unix?)

-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] [RELEASE] Torsocks 2.0.0-rc4
  - From: David Goulet

References:
- [tor-dev] [RELEASE] Torsocks 2.0.0-rc4
  - From: David Goulet
- Re: [tor-dev] [RELEASE] Torsocks 2.0.0-rc4
  - From: Lunar
- Re: [tor-dev] [RELEASE] Torsocks 2.0.0-rc4
  - From: Nick Mathewson
- Re: [tor-dev] [RELEASE] Torsocks 2.0.0-rc4
  - From: David Goulet

Prev by Author: Re: [tor-dev] Some initial analysis on the new "Triple Handshake Attack" and Tor
Next by Author: Re: [tor-dev] Some initial analysis on the new "Triple Handshake Attack" and Tor
Previous by thread: Re: [tor-dev] [RELEASE] Torsocks 2.0.0-rc4
Next by thread: Re: [tor-dev] [RELEASE] Torsocks 2.0.0-rc4
Index(es):
- Author
- Thread