[tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Dec 20 12:24:24 UTC 2015

#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
--------------------+------------------------------
 Reporter:  s7r     |          Owner:
     Type:  defect  |         Status:  new
 Priority:  Medium  |      Milestone:  Tor: 0.2.???
Component:  Tor     |        Version:  Tor: 0.2.7.6
 Severity:  Normal  |     Resolution:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
  Sponsor:          |
--------------------+------------------------------
Comment (by yawning):
 Replying to [comment:1 teor]:
 > One way of resolving this issue is to check that we're actually binding
 > to 127.0.0.1 or ::1 for the (default/no IP address) ControlPort and
 > SOCKSPort, and complain loudly and fail to launch if we're not.
 I'm ok with this.  We already have code for enumerating interfaces, so we
 could warn earlier as well.
 > We can require the user to configure an explicit IP address (or access
 > rules? does the ControlPort have those?) to silence the warning and start
 > tor.
 There are flags for all the Ports, so adding another is easy-ish (to allow
 unsafe behavior).  Even if they explicitly configure something I'd vote
 that we warn anyway, because it's still a horrific idea, just actually
 start up instead of terminating on the warning.
 For future reference, if something that will never work correctly when
 jailed comes up in the future, there's a sysctl MIB
 (`security.jail.jailed` which will be set to `1`) that can be queried via
 `sysctl(3)`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17901#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
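
One way to implement the check discussed in this comment, as an added example that is not Tor's code and not part of the original message: after bind(), read the effective address back with getsockname() and fail closed unless it is loopback. The helper names addr_is_loopback and bind_loopback_only are hypothetical, and the sketch handles only an IPv4 listener request.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not a Tor function): 1 if sa is in 127.0.0.0/8 or is ::1. */
static int addr_is_loopback(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        return (ntohl(in4->sin_addr.s_addr) >> 24) == 127;
    }
    if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)sa;
        return IN6_IS_ADDR_LOOPBACK(&in6->sin6_addr) != 0;
    }
    return 0;
}

/* Hypothetical helper: bind a TCP socket to the requested IPv4 address, then
 * ask the kernel which address the socket really got. Returns the fd, or -1
 * if anything fails or the effective address is not loopback. */
static int bind_loopback_only(const char *ip, unsigned short port)
{
    struct sockaddr_in want;
    struct sockaddr_storage got;
    socklen_t len = sizeof(got);
    int fd;

    memset(&want, 0, sizeof(want));
    want.sin_family = AF_INET;
    want.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &want.sin_addr) != 1)
        return -1;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    /* Trust what getsockname() reports, not what was requested. */
    if (bind(fd, (struct sockaddr *)&want, sizeof(want)) != 0 ||
        getsockname(fd, (struct sockaddr *)&got, &len) != 0 ||
        !addr_is_loopback((struct sockaddr *)&got)) {
        close(fd); /* fail closed: never listen on a non-loopback address */
        return -1;
    }
    return fd;
}
```

A caller would treat a -1 return for a default (no explicit address) ControlPort or SOCKSPort as a fatal startup error, per the proposal quoted above.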
    
    