Re: [tor-bugs] #2667 [Tor Relay]: Exits should block reentry into the tor network
#2667: Exits should block reentry into the tor network
-----------------------+----------------------------------------------------
Reporter: mikeperry | Owner:
Type: defect | Status: new
Priority: critical | Milestone: Tor: 0.2.4.x-final
Component: Tor Relay | Version:
Keywords: | Parent: #2664
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by arma):
Replying to [comment:13 mikeperry]:
> Replying to [comment:12 arma]:
> > A specific example of such a network is the open torified wireless
> > that some variations of the Torouter expect to offer, where a) it's open
> > wireless so people get to watch it, and b) because of #2667 you'd be
> > prevented from using your own Tor client.
>
> Hrmm. This sounds like something we can solve with a tweak to the #2905
> language. I updated #5611 to suggest it.

I'm not following. The problem is that we'd prevent people behind a
Torified network from running their own Tor client. At the same time we
tell them that if they really want to be secure, they should run their own
Tor client. I think our advice is correct.

I wonder if the better fix is to make the "transparent torify" process
smarter (that is, write and maintain some "best practices" iptables rules
that do the right thing), so it can recognize connections to the Tor
network and let them through directly? It seems risky (full of
opportunities for serious fail), but better than the other options I've
heard so far.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2667#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs