Re: [tor-bugs] #17782 [Tor]: Relays may publish descriptors with incorrect IP address
#17782: Relays may publish descriptors with incorrect IP address
--------------------+------------------------------------
Reporter: fk | Owner:
Type: defect | Status: new
Priority: High | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: unspecified
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
--------------------+------------------------------------
Changes (by teor):
* version: Tor: 0.2.7.4-rc => Tor: unspecified
Comment:

This issue was a known issue when it was introduced in 0.1.2.1-alpha in
commit 9db7b2c0687a3ee28e96e0c0db6c2a3e7ef4c626 / svn:r6774 on 17 July
2006:

"Allow servers with no hostname or IP address to learn their IP address
by asking the directory authorities. This code only kicks in when you
would normally have exited with a "no address" error.

This design is flawed, though, since the X-Your-Address-Is header is not
authenticated, and doing it this way introduces too many new attacks. The
right answer is to give IP address hints inside the HELLO cell; much of
this code can be reused when we switch."

The commit message doesn't describe the attack above, where the directory
mirror deliberately lies. This may be due to the fact that only
authorities were giving this information out in 2006, and they are
semi-trusted.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17782#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online