[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
---------------------------------------+-----------------------------------
 Reporter:  s7r                        |          Owner:  teor
     Type:  defect                     |         Status:  assigned
 Priority:  High                       |      Milestone:  Tor:
Component:  Tor                        |  0.2.8.x-final
 Severity:  Major                      |        Version:  Tor: 0.2.7.6
 Keywords:  027-backport 026-backport  |     Resolution:
Parent ID:                             |  Actual Points:
  Sponsor:                             |         Points:
---------------------------------------+-----------------------------------

Comment (by teor):

 For backporting to 0.2.7 and 0.2.6:
 * I've learned from previous experience not to make (internal) API changes
 when backporting, so I'll use tor_addr_is_loopback() on the list in the
 commits for this change
   * this will require disabling the check for tor_addr_is_loopback() in
 get_interface_address6_list() and
 get_interface_address6_via_udp_socket_hack(), so perhaps the backport will
 need a #define for backwards compatibility
     * in any case, the interface search routines changed between 0.2.6 and
 0.2.7, so we'll need to be careful to make the minimal necessary changes
 in 0.2.6 to make sure they merge properly
 * I'd like to fall back to resolving localhost on systems that don't allow
 their interfaces to be enumerated, as long as we check that the returned
 values are standard 127/8 or [::1]. This should avoid any security issues,
 yet still give us an address on locked-down platforms. See #17953.

 Because I don't think we can backport some of the changes suggested in
 this ticket, I've split them off for later:
 * #17949 for making loopback search more efficient
 * #17950 for making address family search more efficient
  * #17951 for returning both IPv4 and IPv6 when falling back to the socket
 hack with AF_UNSPEC
  * #17952 for returning both IPv4 and IPv6 from the ioctl on obscure
 platforms

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17901#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs