[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Wed, 18 Jul 2012 13:19:50 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 18 Jul 2012 09:19:17 -0400
In-reply-to: <051.d7b4d7dc6c096425498bd37173053add@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.d7b4d7dc6c096425498bd37173053add@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#6297: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
-------------------------+--------------------------------------------------
 Reporter:  jrmithdobbs  |          Owner:                   
     Type:  defect       |         Status:  needs_information
 Priority:  normal       |      Milestone:                   
Component:  Tor Client   |        Version:  Tor: 0.2.3.18-rc 
 Keywords:               |         Parent:                   
   Points:               |   Actualpoints:                   
-------------------------+--------------------------------------------------

Comment(by jrmithdobbs):

 The rfc is very vague in this area. It pretty much skips over validation
 completely (outside of auth) as far as I can tell.

 As far as the security, after actually looking at your parser I'm much
 less concerned about that. However, I still think there may be an issue
 regarding an attacker that has the ability to inject but not necessarily
 intercept the original message.

 For example, because of how it's parsed so long as you can successfully
 get your packets accepted (there's been various recent talks/papers re:
 inadequacy of syn cookies as it relates to this) it could be feasible to
 force a user's connection to a specific username/password for the socks
 connection which may affect how the connection is isolated vs their other
 connections and may provide a way for an inject-capable (no observation of
 traffic between the client and socks port needed, really) to be able to
 associate a client's connections that should, by the configuration, be
 isolated.

 Does that help make more sense of my concerns?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6297#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #6341 [Tor Relay]: connection_or_flush_from_first_active_circuit() does wrong thing when ewma_enabled
Next by Author: Re: [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
Previous by thread: Re: [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
Next by thread: Re: [tor-bugs] #6297 [Tor Client]: SOCKS issues with bitcoin in .2.3.18-rc vs .2.2.37
Index(es):
- Author
- Thread