On Wed, 2015-09-30 at 15:39 +0200, Tim Wilson-Brown - teor wrote:
>> First, Tor adds the line "ACE <protocol> <host>:<port>" to the node's
>> Second, Tor allows connections to ip:port as if the torrc contains:
>>     ExitPolicy allow <host>:<port>
>> As ExitPolicyRejectPrivate defaults to 1, these policies should be allowed even if the ip lies in a range usually restricted. In particular localhost and 127.0.0.1 are potentially allowed.
>
> Tor exit policies don't contain hostnames like "localhost", did you mean 127.0.0.0/8 and ::1?
>
> I am concerned about the security considerations of opening up local addresses, as local processes often trust connections from the local machine. Perhaps we could clarify it to say that only the specific port on 127.0.0.0/8 and ::1 is allowed?
Yes, that's the effect of the ExitPolicy line described. We should not disable ExitPolicyRejectPrivate, merely ensure that the new exit policy be processed before it. I'll add some language to clarify, slightly. I'm futzing around to make sure that just an ExitPolicy line does this already too.
Jeff
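The ordering point in the exchange above (an ACE-derived accept line must be matched before the ExitPolicyRejectPrivate rules, and only that one host:port should escape the private-range reject) can be made concrete with a small first-match policy evaluator. The following is an added example written for this thread, not Tor's code and not part of the proposal: it models Tor's exit-policy rules with Tor's actual `accept`/`reject` keywords (the quoted proposal text writes "allow"), uses a hypothetical `build_policy()` helper to place the ACE rule either before or after the reject-private rules, and assumes a simplified list of private networks and a conservative final fallback of reject when nothing matches.

```python
import ipaddress
from typing import List, Optional, Tuple

# Simplified model of the networks ExitPolicyRejectPrivate covers.
# Assumption for this example; the real list also includes the relay's own
# addresses and a few more reserved ranges.
PRIVATE_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# A rule is (action, network-or-None-for-*, (lo, hi) port range or None-for-*).
Rule = Tuple[str, Optional[ipaddress._BaseNetwork], Optional[Tuple[int, int]]]


def parse_rule(line: str) -> Rule:
    """Parse one ExitPolicy line such as 'accept 127.0.0.1:8080' or 'reject *:*'.

    IPv6 addresses use Tor's bracketed form, e.g. 'accept [::1]:8080'.
    """
    action, target = line.split(None, 1)
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown policy action: {action}")
    target = target.strip()
    if target.startswith("["):
        addr, port = target[1:].split("]:", 1)
    else:
        addr, _, port = target.rpartition(":")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        ports = None
    elif "-" in port:
        lo, hi = port.split("-", 1)
        ports = (int(lo), int(hi))
    else:
        ports = (int(port), int(port))
    return action, net, ports


def rule_matches(rule: Rule, ip: ipaddress._BaseAddress, port: int) -> bool:
    """True if the rule's address and port constraints both cover (ip, port)."""
    _, net, ports = rule
    if net is not None and (ip.version != net.version or ip not in net):
        return False
    if ports is not None and not (ports[0] <= port <= ports[1]):
        return False
    return True


def reject_private_rules() -> List[Rule]:
    """The rules ExitPolicyRejectPrivate 1 contributes: reject every private net, any port."""
    return [("reject", net, None) for net in PRIVATE_NETWORKS]


def build_policy(exit_policy_lines: List[str], ace_lines: List[str] = (),
                 reject_private: bool = True, ace_first: bool = True) -> List[Rule]:
    """Hypothetical helper: assemble the ordered rule list.

    ace_first=True models the ordering the thread asks for (ACE accept rule
    processed before the reject-private rules); ace_first=False models the
    ordering that would silently discard the ACE rule.
    """
    ace = [parse_rule(l) for l in ace_lines]
    private = reject_private_rules() if reject_private else []
    configured = [parse_rule(l) for l in exit_policy_lines]
    return ace + private + configured if ace_first else private + ace + configured


def evaluate(policy: List[Rule], ip_str: str, port: int) -> str:
    """First-match evaluation, as Tor does: the first rule covering (ip, port) decides."""
    ip = ipaddress.ip_address(ip_str)
    for rule in policy:
        if rule_matches(rule, ip, port):
            return rule[0]
    return "reject"  # conservative fallback assumed for this model


if __name__ == "__main__":
    # Constructed sample: ACE advertises a service on 127.0.0.1:8080; the
    # operator's own ExitPolicy is the usual catch-all reject.
    ace = ["accept 127.0.0.1:8080"]
    good = build_policy(["reject *:*"], ace, ace_first=True)
    bad = build_policy(["reject *:*"], ace, ace_first=False)
    for ip, port in (("127.0.0.1", 8080), ("127.0.0.1", 22), ("10.0.0.5", 8080), ("127.0.0.2", 8080)):
        print(f"{ip}:{port}  ace-first={evaluate(good, ip, port)}  private-first={evaluate(bad, ip, port)}")
```

Run as-is the script shows that with the ACE rule placed first, only 127.0.0.1:8080 is accepted while 127.0.0.1:22, 10.0.0.5:8080 and 127.0.0.2:8080 stay rejected; with the reject-private rules placed first, the ACE rule never matches and even 127.0.0.1:8080 is rejected, which is exactly why the thread insists on processing the new line before ExitPolicyRejectPrivate rather than disabling it.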