[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9445 [Tor Launcher]: Tor Launcher should be more relaxed about bridge line input

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #9445 [Tor Launcher]: Tor Launcher should be more relaxed about bridge line input
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 21 Aug 2013 01:49:36 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 20 Aug 2013 21:49:48 -0400
In-reply-to: <046.70a09e9493d794289482403c90e7e894@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.70a09e9493d794289482403c90e7e894@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9445: Tor Launcher should be more relaxed about bridge line input
---------------------------------------------------+------------------------
 Reporter:  bastik                                 |          Owner:  brade
     Type:  task                                   |         Status:  new  
 Priority:  major                                  |      Milestone:       
Component:  Tor Launcher                           |        Version:       
 Keywords:  tbb-3.0-stable-blocker, tbb-usability  |         Parent:  #9444
   Points:                                         |   Actualpoints:       
---------------------------------------------------+------------------------

Comment(by sysrqb):

 Replying to [comment:10 mikeperry]:
 > As I said in #9156, I think the most sane way forward here is to check
 to see if 'bridge ' is present at the beginning of the line, and if yes,
 accept it, otherwise prepend 'bridge ' to it and shove it into
 SETCONF+SAVECONF/torrc, and let Tor decide if it is actually valid with
 respect to the PT schemes installed or not. That way we can support both
 formats in Tor Launcher.
 >
 This will be a good way to do it because users may try to reuse the
 bridges they added in Vidalia, and the settings menu in Vidalia does not
 display the 'Bridge' keyword, so they will likely not include it.

 > Are there any code exec-level dangers to pasting arbitrary bridge lines
 with the current PT scheme?
 At present, all argument validation is (supposed to be) handled by the PT.
 Tor Launcher can probably perform some validation of the basic syntax, but
 it's not expected to do so for the optional arglist (which becomes a deep,
 dark hole). None of the fully-implemented PTs use the optional arglist, so
 there isn't a way to pass any kind of executable string to them. However,
 this is possible, but any implemented PT that relies on external args for
 execing will need extensive validation checks - something I don't think
 Tor Launcher should be expected to implement.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9445#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #9445 [Tor Launcher]: Include support for Pluggable Transports
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #9204 [Tor Check]: Modularize check.torproject.org
Next by Author: Re: [tor-bugs] #9013 [BridgeDB]: BridgeDB should pass pluggable transport shared-secrets to clients
Previous by thread: Re: [tor-bugs] #9445 [Tor Launcher]: Tor Launcher should be more relaxed about bridge line input
Next by thread: Re: [tor-bugs] #9445 [Tor Launcher]: Tor Launcher should be more relaxed about bridge line input
Index(es):
- Author
- Thread