[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #13129 [Tor]: Option for downgrading "Rejecting SOCKS request for anonymous connection to private address" log
#13129: Option for downgrading "Rejecting SOCKS request for anonymous connection to
private address" log
------------------------+--------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
------------------------+--------------------------------
Comment (by nickm):
It seems like we need some decision-making here:
* Option A: It's trivial to downgrade the warning. (But only some
instances of it are instances we'd like to ignore.)
* Option B: It's similarly pretty easy to make the ignorable instances
distinguishable from the accidental instances (such as by for example by
reinstating the old "noconnect" directive, or by using some kind of a
socks extension, special username, or magic port). But in this case, a
hostile program might be able to generate a request to localhost that Tor
would close but not report. I'm not sure whether there's an attack there.
* Option C: We could have a magic SOCKS username that means "Don't log a
warning if this address is 127.0.0.1". We could let this randomly at
startup, and have it be Yet Another Cookie. This would be a version of
option B where a hostile program that didn't know the magic username
couldn't suppress the warning. I'm not sure whether this is worthwhile.
* Option D: TB could try to fix #10682 in a different way. I don't know
how hard this is, but I suspect "at least somewhat".
* Option E: Do nothing; annoying warnings are annoying.
* Options F...Z: Something I'm not thinking of.
Right now, I'm thinking that A and E are possible for 0.2.5.x-final.
Maaaaybe some version of B would also work out for 0.2.5, but maybe not.
Option C might work out for 0.2.6 (if the complexity doesn't make us
cringe), but it's a kludge and it's not for 0.2.5. I can't comment on the
difficulty of option D.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13129#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs