[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
--------------------+------------------------------
Reporter: s7r | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.???
Component: Tor | Version: Tor: 0.2.7.6
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
--------------------+------------------------------
Comment (by yawning):
Replying to [comment:3 s7r]:
> While bind to whatever/default is good and wanted for DirPort and ORPort
it's very not wanted for SocksPort, ControlPort, ExtORPort and other ports
opened by Tor which are not meant to be open publicly.
ExtOR being open to the world is... odd but won't be game breaking since
it doesn't allow anything apart from serving as a sink for PT traffic (and
it's authenticated similar to ControlPort with cookie auth).
> teor I think if ControlPort <public IP>:<port> is manually and
explicitly set we should assume that the user knows what he is doing and
proceed, or be very protective and decide he'd rather not?
The former, but warn loudly that it's a bad idea, probably?
In an ideal world, we'd deprecate binding the ControlPort to non-AF_UNIX
sockets where AF_UNIX is available (because it is that big of a foot + gun
hazzard), but I expect that to be a non-starter just for legacy reasons,
unfortunately.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17901#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs