I'm not sure that the sandboxing section is necessary. We should say that _all_ plugins should only access the network over Tor, unless they are using some comparably strong anonymity mechanism. [...]
In reply https://trac.torproject.org/projects/tor/ticket/24774#comment:6 , I ask:
The proposal as written states under §3.2, specifically discussing `'*'`:

> Perhaps we trust the name plugin itself, but maybe the name system network could exploit this?

What does this mean? Is there any specific information on what potential exploits the spec authors have thought of? '''Would requiring Tor-only connections prevent these potential exploits?''' I should ask on `tor-dev`.
Per the discussion in the current version of the spec (686aaf1), there is concern that a '*' plugin may try to resolve ordinary DNS names. But this separate, quoted statement assumes a trustworthy plugin, which I take to mean that it would not grab .com, etc.
So, what was the concern behind that statement? (And are there any other potential exploits, which may or may not be prevented by requiring name resolution through Tor?)
-- nullius@xxxxxxxx | PGP ECC: 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C Bitcoin: bc1qcash96s5jqppzsp8hy8swkggf7f6agex98an7h | (Segwit nested: 3NULL3ZCUXr7RDLxXeLPDMZDZYxuaYkCnG) (PGP RSA: 0x36EBB4AB699A10EE) “‘If you’re not doing anything wrong, you have nothing to hide.’ No! Because I do nothing wrong, I have nothing to show.” — nullius
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev