[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

ExitPolicy questions

     I have two questions regarding the torrc.sample file distributed in the
tor tar files and other package formats.

	1) Given the recent tor controller port security problem, why does
	the sample torrc not contain "ExitPolicy reject *:9051"?  Granted,
	that would only cover one access route and not even that if a server's
	ControlPort were changed to something else.  But it just seems like
	an obvious thing to do to reduce the hazards.  I've added it to my

	2) "ExitPolicyRejectPrivate 1" rejects, among others.  Why
	doesn't it then also reject, which is the alternate set of
	"localhost" addresses?  It is true that the only operating systems I
	have seen use for localhost were IBM mainframe operating
	systems, but the address space ought nevertheless to be
	rejected if the is rejected.  This one I added to my torrc
	a long time ago when I added "ExitPolicyRejectPrivate 1".

I have not looked at the tor source to find out what is hard-coded into the
default ExitPolicy, but if the two items above are not in the default, it
seems like they should be.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *