Re: [tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
--------------------+------------------------------
Reporter: s7r | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.???
Component: Tor | Version: Tor: 0.2.7.6
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
--------------------+------------------------------
Comment (by yawning):
Replying to [comment:1 teor]:
> One way of resolving this issue is to check that we're actually binding
> to 127.0.0.1 or ::1 for the (default/no IP address) ControlPort and
> SOCKSPort, and complain loudly and fail to launch if we're not.
I'm ok with this. We already have code for enumerating interfaces, so we
could warn earlier as well.
> We can require the user to configure an explicit IP address (or access
> rules? does the ControlPort have those?) to silence the warning and start
> tor.
There are flags for all the Ports, so adding another is easy-ish (to allow
unsafe behavior). Even if they explicitly configure something I'd vote
that we warn anyway, because it's still a horrific idea, just actually
start up instead of terminating on the warning.
For future reference, if something that will never work correctly when
jailed comes up in the future, there's a sysctl MIB
(`security.jail.jailed` which will be set to `1`) that can be queried via
`sysctl(3)`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17901#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
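
The check discussed in this comment, sketched in C as an added example (not Tor source code and not from either commenter; every function name is hypothetical). It judges the address a listener actually holds, as reported by getsockname(), so a default port that ended up off loopback refuses to start while an explicitly configured one only warns, and it reads `security.jail.jailed` on FreeBSD.

```c
/* Added example, not Tor source; every function name here is hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#ifdef __FreeBSD__
#include <sys/sysctl.h>
#endif
enum verdict { BIND_OK, BIND_WARN, BIND_REFUSE };
/* 1 for 127.0.0.0/8, ::1 and IPv4-mapped 127.0.0.0/8; 0 otherwise. */
int is_loopback(const struct sockaddr *sa) {
  if (sa->sa_family == AF_INET)
    return (ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr) >> 24) == 127;
  if (sa->sa_family != AF_INET6) return 0;
  const struct in6_addr *a = &((const struct sockaddr_in6 *)sa)->sin6_addr;
  return IN6_IS_ADDR_LOOPBACK(a) || (IN6_IS_ADDR_V4MAPPED(a) && a->s6_addr[12] == 127);
}
/* Thread's policy: default port off loopback refuses; explicit address warns. */
enum verdict judge(const struct sockaddr *sa, int explicit_addr) {
  if (is_loopback(sa)) return BIND_OK;
  return explicit_addr ? BIND_WARN : BIND_REFUSE;
}
/* Judge what the kernel actually bound, not what was requested. */
enum verdict judge_listener(int fd, int explicit_addr) {
  struct sockaddr_storage ss;
  socklen_t len = sizeof(ss);
  if (getsockname(fd, (struct sockaddr *)&ss, &len) != 0) return BIND_REFUSE;
  return judge((const struct sockaddr *)&ss, explicit_addr);
}
/* Parse a textual address (constructed sample input) and judge it. */
enum verdict judge_text(const char *ip, int explicit_addr) {
  struct sockaddr_in v4 = { .sin_family = AF_INET };
  struct sockaddr_in6 v6 = { .sin6_family = AF_INET6 };
  if (inet_pton(AF_INET, ip, &v4.sin_addr) == 1)
    return judge((const struct sockaddr *)&v4, explicit_addr);
  if (inet_pton(AF_INET6, ip, &v6.sin6_addr) == 1)
    return judge((const struct sockaddr *)&v6, explicit_addr);
  return BIND_REFUSE; /* unparseable: fail closed */
}
/* 1 inside a FreeBSD jail (security.jail.jailed == 1), else 0. */
int in_jail(void) {
#ifdef __FreeBSD__
  int v = 0; size_t n = sizeof(v);
  if (sysctlbyname("security.jail.jailed", &v, &n, NULL, 0) == 0) return v == 1;
#endif
  return 0;
}
int main(void) { printf("%d\n", judge_text("192.0.2.10", 0)); return 0; }
```

Call `judge_listener()` on the socket after bind() succeeds; checking only the configured string would miss the case in the ticket title, where the port lands on a public address because there is no localhost interface.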