[tor-bugs] #4773 [Tor Bridge]: Implement Extended OR port (part of proposal 180)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Jan 26 15:26:58 UTC 2012


#4773: Implement Extended OR port (part of proposal 180)
------------------------+---------------------------------------------------
 Reporter:  asn         |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor Bridge  |        Version:                    
 Keywords:              |         Parent:  #4685             
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by asn):

 Let's talk a bit about our security threat model.

 The current (180) Extended ORPort design allows a local "attacker" to
 connect to the Extended ORPort, spoof an arbitrary external address (using
 USERADDR), and send Tor data. Furthermore, if we do the "the Extended
 ORPort provides an identifier to be used in another port for
 metadata/configuration transfer between tor and the proxy" idea, a local
 "attacker" will be able to connect to the Extended ORPort, get an
 identifier, connect to the other port, and configure the transport proxy
 (for example, tweak its rate-limiting setup).

 Would it be worth it to add some sort of authentication, so that only
 pluggable transport proxies can use the Extended ORPort? A silly way of
 doing it would be to add a key in a TOR_PT_* environment variable, but I'm
 not sure if that would be secure in a cross-platform fashion [0].
 That would also kill external proxies from using the Extended ORPort.

 Would a file that can only be read by the Tor user, containing a cookie,
 be better?

 Are these "attacks" within our threat model?

 [0]:
 a related not-so-enlightening blog post
 https://patternbuffer.wordpress.com/2008/05/05/unix-environment-variable-
 scopesecurity/
 We also assume that if the local attacker has root, the game is lost.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4773#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list