[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #18123 [Tor]: Avoid a local port-stealing attack on Windows
#18123: Avoid a local port-stealing attack on Windows
------------------------+------------------------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Keywords: security 027-backport 026-backport
Actual Points: | Parent ID:
Points: | Sponsor:
------------------------+------------------------------------------------
On Windows, Tor is vulnerable to a port-stealing attack described on this
StackOverflow post under the "Windows" heading:
https://stackoverflow.com/questions/14388706/socket-options-so-reuseaddr-
and-so-reuseport-how-do-they-differ-do-they-mean-t
In short, another app can set SO_REUSEADDR, then bind to a port that Tor
is already bound to, stealing all future connections to Tor.
Therefore, I think we should set SO_EXCLUSIVEADDRUSE on all listener
sockets on Windows, which prevents this attack.
We could do this near make_socket_reusable in connection_listener_new.
make_socket_reusable already has a comment about this issue.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18123>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs