Re: [tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
#17901: Tor would bind ControlPort to public ip address if it has no localhost interface
---------------------------------------+-----------------------------------
Reporter: s7r | Owner: teor
Type: defect | Status: assigned
Priority: High | Milestone: Tor: 0.2.8.x-final
Component: Tor |
Severity: Major | Version: Tor: 0.2.7.6
Keywords: 027-backport 026-backport | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
---------------------------------------+-----------------------------------
Comment (by yawning):
Replying to [comment:13 teor]:
> To summarise, I think we need to implement the following changes:
> * For every *Port that currently listens on 127.0.0.1 by default:
> * ControlPort TransPort/NATDPort DNSPort ExtORPort SocksPort
> * If there is no 127.0.0.0/8 on the server, reject the *Port with a
> warning that tells the user to supply an explicit IP address if they
> really want their *Port listening on a non-local address.
> * Bind all *Ports to:
> * The first IPv4 address that "localhost" resolves to, as long as it
> is in 127.0.0.0/8, or 127.0.0.1 by default
> * This ensures that configurations that have localhost on an
> alternate address in 127.0.0.0/8 continue to work (this is another common
> BSD jail config)
>
> This issue may also affect HiddenServicePort, which defaults to
> connecting to 127.0.0.1. We should check that it fails if there is no
> 127.0.0.1, and the warning is helpful, if so, the current behaviour is
> fine.
>
> I can make these changes along with #11360.

These seem ok. I'd suggest allowing localhost to also be `[::1]` for the
far future. I'm vaguely inclined to also add an extra config option which
needs to be enabled to allow non-localhost/`AF_UNIX` ControlPort, because
it really is that bad of an idea, but that may be overly hand-holding.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17901#comment:14>
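
Added example (not part of the original message and not Tor's code): a sketch of the default-bind policy proposed in the quoted comment, with the `[::1]` allowance from the reply as an opt-in flag. The function names, the `allow_ipv6` parameter and the sample addresses are assumptions made for illustration.

```python
import ipaddress

LOOPBACK_V4 = ipaddress.ip_network("127.0.0.0/8")
LOOPBACK_V6 = ipaddress.ip_address("::1")
FALLBACK = "127.0.0.1"


class NoLoopbackError(Exception):
    """Raised instead of silently falling back to a public address."""


def is_loopback(addr, allow_ipv6=False):
    if addr.version == 4:
        return addr in LOOPBACK_V4
    return allow_ipv6 and addr == LOOPBACK_V6


def pick_default_listen_addr(localhost_addrs, host_addrs, allow_ipv6=False):
    """Choose the default bind address for a local-only *Port.

    localhost_addrs: what "localhost" resolves to, in resolver order.
    host_addrs: addresses configured on the host's interfaces.
    """
    host = [ipaddress.ip_address(a) for a in host_addrs]
    if not any(is_loopback(a, allow_ipv6) for a in host):
        raise NoLoopbackError(
            "no loopback address on this host; supply an explicit IP "
            "address if the port really must listen on a non-local address")
    for raw in localhost_addrs:
        addr = ipaddress.ip_address(raw)
        if is_loopback(addr, allow_ipv6):
            return str(addr)
    return FALLBACK


if __name__ == "__main__":
    # Constructed hosts; 203.0.113.0/24 is a documentation range.
    cases = {
        "normal host": (["127.0.0.1"], ["127.0.0.1", "203.0.113.10"]),
        "jail, alternate loopback": (["127.0.0.2"], ["127.0.0.2", "203.0.113.10"]),
        "jail, public address only": (["203.0.113.10"], ["203.0.113.10"]),
    }
    for name, (resolved, host) in cases.items():
        try:
            print(name, "->", pick_default_listen_addr(resolved, host))
        except NoLoopbackError as exc:
            print(name, "-> rejected:", exc)
```

The third case is the situation in the ticket title: with no loopback address available, the port is rejected rather than bound to the public address.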