[tor-bugs] #10196 [Flashproxy]: allow the client to pick a specific relay for its registration

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Dec 1 04:27:01 UTC 2013


#10196: allow the client to pick a specific relay for its registration
-----------------------------+-----------------
     Reporter:  infinity0    |      Owner:  dcf
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Flashproxy   |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-----------------

Comment (by dcf):

 We need to think through the security implications of allowing the client
 to control what endpoints proxies connect to. If would allow a
 (potentially malicious) client to initiate a TCP connection to any IP
 address--and exchange data with any WebSocket server that exists anywhere.
 The client could cause the proxy to send and receive arbitrary plaintext,
 plaintext that will be examined by your company or university's firewall.

 As it is now, a malicious client gets to control only one endpoint of the
 communication, and cannot force the proxy to carry plaintext.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10196#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list