[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17948 [Core Tor/Tor]: HiddenServicePort should connect to localhost by default

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #17948 [Core Tor/Tor]: HiddenServicePort should connect to localhost by default
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 09 Oct 2017 05:12:13 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 09 Oct 2017 01:12:24 -0400
In-reply-to: <044.0da53981643bdc76c8df0aa17d801a2c@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.0da53981643bdc76c8df0aa17d801a2c@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17948: HiddenServicePort should connect to localhost by default
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  teor
     Type:  enhancement                          |         Status:
                                                 |  reopened
 Priority:  Low                                  |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ipv6, easy, maybe-bad-idea-or-       |  Actual Points:
  maybe-not tor-hs                               |
Parent ID:                                       |         Points:  small
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by arma):

 I agree with teor that it's a security risk.

 We should let the user say what address to point the onion service
 connections to.

 I've seen cases where a local resolve attempt for localhost went out to
 Comcast's dns servers, which helpfully told me that localhost was
 127.0.0.1, so then my application correctly went there.

 Let's leave DNS the heck out of local computer decisions. :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17948#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #23981 [Metrics/CollecTor]: Fix NPE and include "bridge-distribution-request" lines in sanitized bridge descriptors
Next by Author: Re: [tor-bugs] #23885 [Core Tor/Tor]: Assertion crash after circuit_handle_oom() has been called
Previous by thread: [tor-bugs] #23792 [Internal Services/Blog]: Update wiki to add a source of example onions.
Next by thread: Re: [tor-bugs] #17948 [Core Tor/Tor]: HiddenServicePort should connect to localhost by default
Index(es):
- Author
- Thread