[tor-bugs] #8117 [Tor]: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many apps
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 15 06:12:40 UTC 2013
#8117: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many
apps
-----------------------------------------------+----------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: needs_revision
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor | Version: Tor: 0.2.3.25
Keywords: tor-client isolation 023-backport | Parent:
Points: | Actualpoints:
-----------------------------------------------+----------------------------
Comment(by arma):
Replying to [comment:6 mikeperry]:
> My opinion here is that it's actually good to break apps that are doing
SOCKS u+p wrong, so long as we don't also break those apps when SOCKS u+p
is not set. We really shouldn't tell users "Hey, use SOCKS u+p to isolate
your apps!" and then not actually isolate anything because our handshake
silently tells the app not to use u+p.
Turns out pidgin offers the username of "" and password of "", when Tor
takes pidgin up on its offer to provide u+p. That is, pidgin says it knows
how to provide u+p auth, and Tor says yes please, even when the Username
and Password boxes in the pidgin UI are blank.
So, pidgin doesn't work at all with Tor 0.2.4.12-alpha. Filed as #8879.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8117#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list