On 04 Mar (10:30:40), Nick Mathewson wrote:
> On Tue, Mar 4, 2014 at 10:13 AM, David Goulet <dgoulet@xxxxxxxxx> wrote:
> > On 04 Mar (08:36:13), Nick Mathewson wrote:
> >> On Mar 4, 2014 4:26 AM, "Lunar" <lunar@xxxxxxxxxxxxxx> wrote:
> >> >
> >> > David Goulet:
> >> > > After a big code review from Nick and help from a lot of people
> >> > > contributing and testing, this is the release candidate 4 for the new
> >> > > torsocks.
> >> >
> >> > I was about to push the new version to Debian experimental, but it just
> >> > breaks my SSH configuration too badly.
> >> >
> >> > The new version forbids listen() and accept().
> >> >
> >> > That means that at least SSH options ControlMaster, LocalForward, and
> >> > DynamicForward will not work. Being able to multiplex connections
> >> > (ControlMaster) is pretty crucial to keep sanity when working over
> >> > hidden services. Forwarding options allow a simple way to tunnel
> >> > TCP connections to a remote system through SSH over Tor.
> >> >
> >> > I am not sure what is the right move here. Perhaps allowing listen on
> >> > Unix sockets and localhost? Or maybe allowing listen() entirely?
> >>
> >> Those sound like good candidates for options. I think that listen-local is
> >> probably safe*, but arbitrary listen is broken in enough use cases that it
> >> should IMO be off by default.
> >
> > I agree here that this should not break the ssh -L. What I propose is an
> > option that allows torsocks to accept inbound connections, thus
> > listen()/accept().
> >
> > An option in the configuration file and an environment variable also
> > (which adds a command line option to torsocks as well). What about
> > "AllowInbound" or "AllowListen" or "AcceptListen" that is off by
> > default.
>
> AllowInbound is probably okay, though still I think that "allow
> inbound locally only" is a good idea.
>
> (Could we implement that by checking getsockname() on the socket
> before the call to listen(), to make sure that it was localhost or
> unix?)

I'm comfortable with that: having torsocks allow localhost binding *but*
deny non-localhost by default. "AllowInbound 1" would allow non-localhost
inbound, and yes, getsockname() is probably the right call to use! :)

/me implementing that.

Thanks!
David

> --
> Nick
> _______________________________________________
> tor-dev mailing list
> tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
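The getsockname() check Nick suggests and David agrees to, written out as an added example (this is not torsocks' own code, and the `listen_policy()` / `bound_to_local_only()` names and the `allow_inbound` flag standing in for an "AllowInbound 1" setting are assumptions for illustration). The check runs before the real listen() would be called: a socket bound to a Unix-domain path, to 127.0.0.0/8, or to ::1 is allowed through; anything else is denied unless the AllowInbound-style setting is on.

```c
/* Local-only listen() policy check, as discussed in the thread above.
 * Added example, not torsocks code; names and the allow_inbound flag are
 * assumptions standing in for a hypothetical "AllowInbound 1" setting. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Returns 1 if fd is bound to an address that cannot be reached from off-host:
 * a Unix-domain socket, IPv4 127.0.0.0/8, or IPv6 ::1.  Returns 0 otherwise,
 * including for a TCP socket that was never bound (getsockname() then reports
 * 0.0.0.0 / ::), because listen() on such a socket would accept connections on
 * every interface.  Failing closed on a getsockname() error is deliberate. */
int bound_to_local_only(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);

    memset(&ss, 0, sizeof(ss));
    if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0)
        return 0;

    switch (ss.ss_family) {
    case AF_UNIX:
        return 1;
    case AF_INET: {
        struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
        /* 127.0.0.0/8: first octet of the host-order address is 127 */
        return (ntohl(sin->sin_addr.s_addr) >> 24) == 127;
    }
    case AF_INET6: {
        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
        return IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr);
    }
    default:
        return 0;
    }
}

/* Decision an intercepted listen() would make before calling the real one:
 * local-only binds are always allowed; anything else only when the
 * hypothetical AllowInbound setting is on.  Returns 0 to allow, -1 with
 * errno = EPERM to deny. */
int listen_policy(int fd, int allow_inbound)
{
    if (allow_inbound || bound_to_local_only(fd))
        return 0;
    errno = EPERM;
    return -1;
}

/* Demo helper: a fresh TCP socket bound to the given IPv4 address, port 0. */
int bind_ipv4(uint32_t host_order_addr)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in sin;

    if (fd < 0)
        return -1;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(host_order_addr);
    sin.sin_port = 0;
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int lo = bind_ipv4(INADDR_LOOPBACK);
    int any = bind_ipv4(INADDR_ANY);

    printf("127.0.0.1, AllowInbound off -> %s\n", listen_policy(lo, 0) == 0 ? "allowed" : "denied");
    printf("0.0.0.0,   AllowInbound off -> %s\n", listen_policy(any, 0) == 0 ? "allowed" : "denied");
    printf("0.0.0.0,   AllowInbound on  -> %s\n", listen_policy(any, 1) == 0 ? "allowed" : "denied");
    close(lo);
    close(any);
    return 0;
}
```

This keeps Lunar's cases working without opening the wider hole: ssh -L and -D bind their listeners to the loopback address unless GatewayPorts is set, and ControlMaster uses a Unix socket, so all three pass the default policy. A program that calls listen() on a socket it never bound gets the kernel's implicit 0.0.0.0 bind, which the check correctly treats as non-local.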