[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #18037 [Tor]: Should the user be allowed to specify FQDNs for HS TARGETs?
#18037: Should the user be allowed to specify FQDNs for HS TARGETs?
------------------------+----------------------------------
Reporter: yawning | Owner:
Type: defect | Status: new
Priority: Low | Milestone: Tor: 0.2.???
Component: Tor | Version: Tor: unspecified
Severity: Minor | Resolution:
Keywords: tor-hs dns | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------+----------------------------------
Comment (by arma):
Replying to [comment:8 alecmuffett]:
> Given the recent controversy about Apache's special treatment of
requests coming in from "localhost", I actually wonder if there ought to
be a _fourth_ syntax, vaguely IPv6 inspired, along the lines of:
>
> HiddenServicePort interface:eth0 80
[...]
> ...which regularly queries the named network interface and asks what IP
address it is currently bound to, directing requests to _that_ rather than
"localhost"
Careful! At least in some cases, when I connect to my computer's external
IP address from the same computer, the routing decides to send it "from"
localhost. I suspect if we try one of these tricks we will learn that it
is not reliable. I think the only reasonable answer is to either make the
application not trust localhost too much, or to put the application on an
actual different place (which would, in essence, be a variant on making
the application not trust the Tor address too much).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18037#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs