[tor-bugs] #3076 [Tor Client]: Implement 'SocksPort auto' and 'ControlPort auto'
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon May 9 16:17:42 UTC 2011
#3076: Implement 'SocksPort auto' and 'ControlPort auto'
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner:
Type: enhancement | Status: needs_review
Priority: major | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version:
Keywords: | Parent: #2264
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by nickm):
Wrote a patch to implement ControlPortWriteToFile; see the updated
feature3076 branch in my public.
But on consideration I am worried about MITM issues here: the patch would
make it easier to wind up in a situation where an attacker can listen on
port X and convince the controller to connect to port X instead of to
Tor... either by reading a stale file and binding to the listed port, or
by overwriting the file with a new port. Should we care? Can we do
anything about this?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3076#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list