[tor-bugs] #3076 [Tor Client]: Implement 'SocksPort auto' and 'ControlPort auto'

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu May 12 04:43:37 UTC 2011


#3076: Implement 'SocksPort auto' and 'ControlPort auto'
-------------------------+--------------------------------------------------
 Reporter:  mikeperry    |          Owner:                    
     Type:  enhancement  |         Status:  needs_review      
 Priority:  major        |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Client   |        Version:                    
 Keywords:               |         Parent:  #2264             
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------

Comment(by nickm):

 I think it is a problem.  Two attacks here:
   1) If the attacker can write to the file: The attacker overwrites the
 listening port number before the controller reads the file.  Now the
 controller connects to the attacker instead.  The attacker learns the
 required AUTHENTICATE command, and now takes control of the Tor process.

   2) If the attacker can only read from the file: The attacker reads the
 listening port number, then either kills Tor, provokes it to crash, or
 somehow gets into a situation where the file is still there but Tor is not
 still listening on that port.  Now the attacker binds to that port, and
 waits for the controller to connect to it.  The attacker learns the required
 AUTHENTICATE command, and takes control of the Tor process when it
 eventually restarts (assuming password authentication).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3076#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
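
Added example (not part of the original message and not Tor's own code): a controller-side check, in Python, that refuses a port file another local user could have written (attack 1) or read (attack 2). The function names and the `PORT=127.0.0.1:<port>` file format are assumptions made for this example.

```python
import os
import stat

class UntrustedPortFile(Exception):
    """The port file could have been written or read by another local user."""

def _check_owner_and_mode(st, uid, forbidden_bits, what):
    if st.st_uid != uid:
        raise UntrustedPortFile(f"{what} is owned by uid {st.st_uid}, expected {uid}")
    if st.st_mode & forbidden_bits:
        raise UntrustedPortFile(f"{what} has unsafe mode {stat.S_IMODE(st.st_mode):o}")

def read_trusted_port(path, uid=None):
    """Return the control port from `path`, or raise if the file is not private to `uid`."""
    uid = os.getuid() if uid is None else uid
    # A group- or world-writable directory lets another user replace the file.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    _check_owner_and_mode(parent, uid, stat.S_IWGRP | stat.S_IWOTH, "directory")
    # O_NOFOLLOW refuses a symlink at the final path component;
    # O_NONBLOCK keeps open() from hanging if a FIFO was planted there.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)  # inspect the file actually opened, not the path
        if not stat.S_ISREG(st.st_mode):
            raise UntrustedPortFile("not a regular file")
        # Group/other write bits enable attack 1, read bits enable attack 2.
        _check_owner_and_mode(st, uid, stat.S_IRWXG | stat.S_IRWXO, "port file")
        text = os.read(fd, 256).decode("ascii", "replace")
    finally:
        os.close(fd)
    # Assumed format: a single line "PORT=127.0.0.1:<port>".
    key, _, addr = text.strip().partition("=")
    host, _, port = addr.rpartition(":")
    if key != "PORT" or host != "127.0.0.1" or not port.isdigit():
        raise UntrustedPortFile("unexpected file contents")
    if not 0 < int(port) < 65536:
        raise UntrustedPortFile("port out of range")
    return int(port)
```

These checks narrow who can tamper with or read the file; they do not show that the process now listening on that port is Tor, so the stale-file case in attack 2 is reduced, not closed.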