[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] [RELEASE] Torsocks 2.0.0-rc4



On 04 Mar (10:30:40), Nick Mathewson wrote:
> On Tue, Mar 4, 2014 at 10:13 AM, David Goulet <dgoulet@xxxxxxxxx> wrote:
> > On 04 Mar (08:36:13), Nick Mathewson wrote:
> >> On Mar 4, 2014 4:26 AM, "Lunar" <lunar@xxxxxxxxxxxxxx> wrote:
> >> >
> >> > David Goulet:
> >> > > After a big code review from Nick and help from a lot of people
> >> > > contributing and testing, this is the release candidate 4 for the new
> >> > > torsocks.
> >> >
> >> > I was about to push the new version to Debian experimental, but it just
> >> > breaks my SSH configuration too badly.
> >> >
> >> > The new version forbids listen() and accept().
> >> >
> >> > That means that at least SSH options ControlMaster, LocalForward, and
> >> > DynamicForward will not work. Being able to multiplex connections
> >> > (ControlMaster) is pretty crucial to keep sanity when working over
> >> > hidden services. Forwarding options allow a simple way to create to
> >> > tunnel TCP connections to a remote system through SSH over Tor.
> >> >
> >> > I am not sure what is the right move here. Perhaps allowing listen on
> >> > Unix sockets and localhost? Or maybe allowing listen() entirely?
> >>
> >> Those sound like good candidates for options. I think that listen-local is
> >> probably safe*, but arbitrary listen is broken in enough use cases that it
> >> should IMO be off by default.
> >
> > I agree here that this should not break the ssh -L. What I propose is an
> > option that allows torsocks to accept inbound connection thus
> > listen()/accept().
> >
> > An option in the configuration file and an environment variable also
> > (which adds a command line option to torsocks as well). What about
> > "AllowInbound" or "AllowListen" or "AcceptListen" that is off by
> > default.
> 
> AllowInbound is probably okay, though still I think that "allow
> inbound locally only" is a good idea.
> 
> (Could we implement that by checking getsockname() on the socket
> before the call to listen(), to make sure that it was localhost or
> unix?)

I'm comfortable with that having torsocks to allow localhost binding
*but* denies by default non localhost.

"AllowInbound 1" would allow non localhost inbound and yes getsockname()
is probably the right call to use! :)

/me implementing that.

Thanks!
David

> 
> -- 
> Nick
> _______________________________________________
> tor-dev mailing list
> tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev