[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #18123 [Tor]: Avoid a local port-stealing attack on Windows

Subject: [tor-bugs] #18123 [Tor]: Avoid a local port-stealing attack on Windows
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 21 Jan 2016 22:30:30 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 21 Jan 2016 17:30:39 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18123: Avoid a local port-stealing attack on Windows
------------------------+------------------------------------------------
     Reporter:  teor    |      Owner:
         Type:  defect  |     Status:  new
     Priority:  Medium  |  Milestone:  Tor: 0.2.8.x-final
    Component:  Tor     |    Version:
     Severity:  Normal  |   Keywords:  security 027-backport 026-backport
Actual Points:          |  Parent ID:
       Points:          |    Sponsor:
------------------------+------------------------------------------------
 On Windows, Tor is vulnerable to a port-stealing attack described on this
 StackOverflow post under the "Windows" heading:
 https://stackoverflow.com/questions/14388706/socket-options-so-reuseaddr-
 and-so-reuseport-how-do-they-differ-do-they-mean-t

 In short, another app can set SO_REUSEADDR, then bind to a port that Tor
 is already bound to, stealing all future connections to Tor.

 Therefore, I think we should set SO_EXCLUSIVEADDRUSE on all listener
 sockets on Windows, which prevents this attack.

 We could do this near make_socket_reusable in connection_listener_new.
 make_socket_reusable already has a comment about this issue.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18123>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #18123 [Tor]: Avoid a local port-stealing attack on Windows
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #18122 [Tor Browser]: Prefetch new Tor circuit
Next by Author: [tor-bugs] #18124 [Tor]: We never use interface names on Windows, avoid retrieving them
Previous by thread: Re: [tor-bugs] #18122 [Tor]: Prefetch new Tor circuit
Next by thread: Re: [tor-bugs] #18123 [Tor]: Avoid a local port-stealing attack on Windows
Index(es):
- Author
- Thread