On Wed, 2015-09-30 at 15:39 +0200, Tim Wilson-Brown - teor wrote:
> > First, Tor adds the line "ACE <protocol> <host>:<port>" to the
> > node's
> > Second, Tor allows connections to ip:port as if the torrc contains
> > :
> > ExitPolicy allow<host>:<port>
> > As ExitPolicyRejectPrivate defaults to 1, these policies should be
> > allowed even if the ip lies in a range usually restricted.
> > In particular localhost and 127.0.0.1 are potentially allowed.
> Tor exit policies don't contain hostnames like "localhost", did you
> mean 127.0.0.0/8 and ::1?
>
> I am concerned about the security considerations of opening up local
> addresses, as local processes often trust connections from the local
> machine. Perhaps we could clarify it to say that only the specific
> port on 127.0.0.0/8 and ::1 is allowed?

Yes, that's the effect of the ExitPolicy line described. We should not disable ExitPolicyRejectPrivate, merely ensure that the new exit policy be processed before it. I'll add some language to clarify, slightly. I'm futzing around to make sure that just an ExitPolicy line does this already too.

Jeff
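The ordering question in this exchange (the reject-private rules versus an explicit accept for one local port) can be made concrete with a small first-match policy evaluator. The code below is an added illustration, not Tor's own code: it assumes a simplified model in which a policy is a list of "accept|reject ADDR:PORT" rules evaluated top to bottom, the first match decides, nothing matching means reject, and ExitPolicyRejectPrivate contributes a fixed list of reject rules for private ranges (the exact set Tor uses is an assumption here). It shows that when the reject-private rules come first, an accept for 127.0.0.1:8080 is shadowed, and that when the explicit line is processed first, only that one local port is reachable, which is the narrow effect Tim asks to have spelled out.

```python
import ipaddress

# Constructed, simplified stand-in for the rules ExitPolicyRejectPrivate=1
# prepends (assumption: not the exact list Tor generates).
PRIVATE_NETS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("::1/128"),
]


def parse_rule(line):
    """Parse a torrc-style 'accept|reject ADDR:PORT' line.

    Returns (action, network-or-None, port-or-'*'). '*' as the address means
    any address; '[::1]:443' style IPv6 literals are accepted.
    """
    action, target = line.split(None, 1)
    addr, port = target.rsplit(":", 1)
    addr = addr.strip("[]")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    return (action, net, "*" if port == "*" else int(port))


def reject_private_rules():
    """Rules contributed by ExitPolicyRejectPrivate in this model."""
    return [("reject", net, "*") for net in PRIVATE_NETS]


def build_policy(exit_policy_lines, reject_private_first):
    """Assemble the effective policy.

    reject_private_first=True places the private-range rejects ahead of the
    explicit lines (the ordering that shadows a local accept);
    False places the explicit lines first (the ordering the thread asks for).
    """
    explicit = [parse_rule(line) for line in exit_policy_lines]
    if reject_private_first:
        return reject_private_rules() + explicit
    return explicit + reject_private_rules()


def evaluate(rules, ip, port):
    """First matching rule decides; no match means reject."""
    addr = ipaddress.ip_address(ip)
    for action, net, rule_port in rules:
        if net is not None and (addr.version != net.version or addr not in net):
            continue
        if rule_port != "*" and rule_port != port:
            continue
        return action
    return "reject"


def exposed_local_ports(rules, ip, ports):
    """Which of the given ports on `ip` the policy would let an exit reach.

    Useful as a defender's check that an accept line exposes exactly the
    intended port and nothing else on the loopback range.
    """
    return sorted(p for p in ports if evaluate(rules, ip, p) == "accept")


def demo():
    # Constructed torrc fragment: allow one local port, reject everything else.
    lines = ["accept 127.0.0.1:8080", "reject *:*"]
    shadowed = build_policy(lines, reject_private_first=True)
    ordered = build_policy(lines, reject_private_first=False)
    return {
        "shadowed_8080": evaluate(shadowed, "127.0.0.1", 8080),  # reject
        "ordered_8080": evaluate(ordered, "127.0.0.1", 8080),    # accept
        "ordered_22": evaluate(ordered, "127.0.0.1", 22),        # reject
        "ordered_v6_8080": evaluate(ordered, "::1", 8080),       # reject
        "ordered_exposed": exposed_local_ports(ordered, "127.0.0.1", range(1, 65536)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `exposed_local_ports` sweep is the check worth keeping: run it against the assembled policy and confirm the result is exactly the one port the proposal intends, on exactly the address it intends, before relying on the ordering.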
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev