[tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 4 06:32:36 UTC 2016 

#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
---------------------------------------+-----------------------------------
 Reporter:  s7r                        |          Owner:  teor
     Type:  defect                     |         Status:  needs_information
 Priority:  High                       |      Milestone:  Tor:
Component:  Tor                        |  0.2.8.x-final
 Severity:  Major                      |        Version:  Tor: 0.2.6.10
 Keywords:  027-backport 026-backport  |     Resolution:
Parent ID:                             |  Actual Points:
  Sponsor:                             |         Points:
---------------------------------------+-----------------------------------
Changes (by teor):

 * status:  assigned => needs_information
 * version:  Tor: 0.2.7.6 => Tor: 0.2.6.10


Comment:

 Replying to [comment:9 s7r]:
 > I think we should automatically disable ControlPort, ExtORPort,
 TransPort and DNSPort if we have no `lo` interface (127.0.0.1 localhost
 address) and they are set with just the port number or auto.

 Has anyone checked that this is actually an issue?
 I can't see how tor's code could cause this to happen, because it
 explicitly binds to 127.0.0.1.

 I don't have access to a FreeBSD jail or OpenVZ vm with IPv4, but without
 a `lo` interface or 127.0.0.1

 But on a FreeBSD IPv6-only instance (no IPv4 or 127.0.0.1), when I run
 `tor --SOCKSPort 54321 --ControlPort 12345`, I get:
 {{{
 [notice] Opening Socks listener on 127.0.0.1:54321
 [warn] Socket creation failed: Protocol not supported
 [notice] Opening Control listener on 127.0.0.1:12345
 [warn] Socket creation failed: Protocol not supported
 }}}

 Looking at the code in parse_port_config, tor converts the default address
 string "127.0.0.1" using tor_addr_parse, so there's no possibility tor
 will bind to any other address but 127.0.0.1. (Even if /etc/hosts maps
 127.0.0.1 to some other address.)

 If this is an issue, I need to know how tor's explicit request to bind to
 127.0.0.1 ends up binding to another address, and how tor can detect that.
 It would also help to have `ifconfig` output from one of these hosts.

 (I split off the fix for a loopback without 127.0.0.1 into #17991.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17901#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list