[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8976 [Tor]: rend_service_introduce() doesn't notice if the rendezvous point is on 127.0.0.1

Subject: Re: [tor-bugs] #8976 [Tor]: rend_service_introduce() doesn't notice if the rendezvous point is on 127.0.0.1
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 29 Mar 2016 13:36:41 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 29 Mar 2016 09:36:47 -0400
In-reply-to: <044.a26ef599a4f0e759c4e264ae984bedd9@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.a26ef599a4f0e759c4e264ae984bedd9@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#8976: rend_service_introduce() doesn't notice if the rendezvous point is on
127.0.0.1
---------------------------------+------------------------------------
 Reporter:  arma                 |          Owner:  teor
     Type:  defect               |         Status:  needs_review
 Priority:  Medium               |      Milestone:  Tor: 0.2.7.x-final
Component:  Tor                  |        Version:  Tor: 0.2.3.21-rc
 Severity:  Normal               |     Resolution:
 Keywords:  tor-hs 027-backport  |  Actual Points:
Parent ID:                       |         Points:
 Reviewer:                       |        Sponsor:  SponsorR-must
---------------------------------+------------------------------------

Comment (by andrea):

 Hmmm - seems hard to imagine what conceivable attack could use such a
 rendezvous address, since if it did go as far as trying to build a circuit
 to one, it would be from some relay picked by the HS Tor and not under
 attacker control, and not from the HS Tor's location.  Is there a
 differential behavior in that case depending on whether the address is
 reachable, though?

 I was leaning toward don't-backport on this one since there didn't seem to
 be any plausible exploitability; do you really think there might be
 something going on, teor?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8976#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #18127 [Tor Browser]: Add LXC support for building with Debian guest VMs
Next by Author: Re: [tor-bugs] #17150 [Tor]: Tor 0.2.7.3-rc: "Extrainfo digest did not match digest256 from routerdesc"
Previous by thread: Re: [tor-bugs] #8976 [Tor]: rend_service_introduce() doesn't notice if the rendezvous point is on 127.0.0.1
Next by thread: Re: [tor-bugs] #8976 [Tor]: rend_service_introduce() doesn't notice if the rendezvous point is on 127.0.0.1
Index(es):
- Author
- Thread