[tor-bugs] #4303 [Company]: Tor controllers should check the length of authentication-cookie files
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Oct 25 21:47:02 UTC 2011
#4303: Tor controllers should check the length of authentication-cookie files
---------------------+------------------------------------------------------
 Reporter:  rransom  |          Owner:  phobos
     Type:  task     |         Status:  new
 Priority:  major    |      Milestone:
Component:  Company  |        Version:
 Keywords:           |         Parent:
   Points:           |   Actualpoints:
---------------------+------------------------------------------------------
Right now, our Tor controllers will send any file readable by the user to
whatever is listening to the control port they try to connect to (usually
127.0.0.1:9051). This sucks. They should only send any file that is
exactly 32 bytes long and readable by the user to whatever is listening on
that port. (Hopefully no one stores AES-256, Salsa20, or Curve25519
secret keys (or other actually sensitive pieces of data) in raw 32-byte
binary files.)
Marking this as a ‘task’, not a ‘defect’, so it'll get a child ticket
list.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4303>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
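
Added example, not code from the ticket or from any Tor controller: one way a controller could apply the check described above before sending a cookie file to the control port. The function names, the CookieError class and the POSIX-only open flag are assumptions made for illustration; the hex-encoded AUTHENTICATE form is the one defined by the Tor control protocol.

```python
import os
import stat

COOKIE_LEN = 32  # the exact length the ticket asks controllers to require


class CookieError(Exception):
    """Raised when a file must not be sent to the control port (hypothetical name)."""


def read_auth_cookie(path):
    """Return the file's bytes only if it is a regular file of exactly 32 bytes."""
    # O_NONBLOCK keeps open() from hanging if the path turns out to be a FIFO.
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        # Stat the opened descriptor rather than the path, so the object that
        # was checked is the same object that gets read.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise CookieError("not a regular file")
        if st.st_size != COOKIE_LEN:
            raise CookieError("unexpected size %d" % st.st_size)
        # Ask for one byte more than expected: a file that grew after the
        # fstat() call is rejected instead of being sent truncated.
        data = os.read(fd, COOKIE_LEN + 1)
        if len(data) != COOKIE_LEN:
            raise CookieError("unexpected read length %d" % len(data))
        return data
    finally:
        os.close(fd)


def authenticate_command(path):
    """Build the AUTHENTICATE line from a validated cookie (hypothetical helper)."""
    return "AUTHENTICATE %s\r\n" % read_auth_cookie(path).hex()
```

As the ticket itself notes, this only narrows the exposure to files that happen to be exactly 32 bytes long; it does not prove the file is a Tor cookie.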