[tor-bugs] #6396 [Tor Bridge]: Reachability tests for obfuscated bridges
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Sep 12 17:59:32 UTC 2012
#6396: Reachability tests for obfuscated bridges
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: task | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor Bridge | Version:
Keywords: pt | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by rransom):
Replying to [comment:3 isis]:
> Also, because OONI and the bridge reachability tests are using txtorcon,
and the spawned Tor calls exec, I am wondering what kinds of extra
security checks I should use to make sure that exec doesn't get abused. If
there isn't a way to make that safe, I will just include this option in
the bridge reachability test in a separate repo, and not in the main OONI
bridget test.
Does ‘OONI’ (I'm not sure what exactly that refers to) have a stated
policy specifying which inputs to ooniprobe.py are allowed to be attacker-
controlled, and which inputs must be received from a trusted source?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6396#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list