[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

Subject: Re: [tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 20 Dec 2015 12:24:24 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 20 Dec 2015 07:24:33 -0500
In-reply-to: <043.b018eeb23aacf1c327b47561602c473f@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.b018eeb23aacf1c327b47561602c473f@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
--------------------+------------------------------
 Reporter:  s7r     |          Owner:
     Type:  defect  |         Status:  new
 Priority:  Medium  |      Milestone:  Tor: 0.2.???
Component:  Tor     |        Version:  Tor: 0.2.7.6
 Severity:  Normal  |     Resolution:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
  Sponsor:          |
--------------------+------------------------------

Comment (by yawning):

 Replying to [comment:1 teor]:
 > One way of resolving this issue is to check that we're actually binding
 to 127.0.0.1 or ::1 for the (default/no IP address) ControlPort and
 SOCKSPort, and complain loudly and fail to launch if we're not.

 I'm ok with this.  We already have code for enumerating interfaces, so we
 could warn earlier as well.

 > We can require the user to configure an explicit IP address (or access
 rules? does the ControlPort have those?) to silence the warning and start
 tor.

 There's flags for all the Ports, so adding another is easy-ish (to allow
 unsafe behavior).  Even if they explicitly configure something I'd vote
 that we warn anyway, because it's still a horrific idea, just actually
 start up instead of terminating on the warning.

 For future reference, if something that will never work correctly when
 jailed comes up in the future, there's a sysctl MIB
 (`security.jail.jailed` which will be set to `1`) that can be queried via
 `sysctl(3)`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17901#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
Next by Author: Re: [tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
Previous by thread: Re: [tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
Next by thread: Re: [tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
Index(es):
- Author
- Thread