[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #6396 [Tor Bridge]: Reachability tests for obfuscated bridges
#6396: Reachability tests for obfuscated bridges
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: task | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor Bridge | Version:
Keywords: pt | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by rransom):
Replying to [comment:3 isis]:
> Also, because OONI and the bridge reachability tests are using txtorcon,
and the spawned Tor calls exec, I am wondering what kinds of extra
security checks I should use to make sure that exec doesn't get abused. If
there isn't a way to make that safe, I will just include this option in
the bridge reachability test in a separate repo, and not in the main OONI
bridget test.
Does âOONIâ (I'm not sure what exactly that refers to) have a stated
policy specifying which inputs to ooniprobe.py are allowed to be attacker-
controlled, and which inputs must be received from a trusted source?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6396#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs