[tor-bugs] #2667 [Tor Relay]: Exits should block reentry into the tor network

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sun Sep 9 21:16:35 UTC 2012


#2667: Exits should block reentry into the tor network
-----------------------+----------------------------------------------------
 Reporter:  mikeperry  |          Owner:                    
     Type:  defect     |         Status:  new               
 Priority:  critical   |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor Relay  |        Version:                    
 Keywords:             |         Parent:  #2664             
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------

Comment(by arma):

 Replying to [comment:13 mikeperry]:
 > Replying to [comment:12 arma]:
 > > A specific example of such a network is the open torified wireless
 > > that some variations of the Torouter expect to offer, where a) it's open
 > > wireless so people get to watch it, and b) because of #2667 you'd be
 > > prevented from using your own Tor client.
 >
 > Hrmm. This sounds like something we can solve with a tweak to the #2905
 > language. I updated #5611 to suggest it.

 I'm not following. The problem is that we'd prevent people behind a
 Torified network from running their own Tor client. At the same time we
 tell them that if they really want to be secure, they should run their own
 Tor client. I think our advice is correct.

 I wonder if the better fix is to make the "transparent torify" process
 smarter (that is, write and maintain some "best practices" iptables rules
 that do the right thing), so it can recognize connections to the Tor
 network and let them through directly? It seems risky (full of
 opportunities for serious fail), but better than the other options I've
 heard so far.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2667#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
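
The "let connections to the Tor network through directly" idea from the comment above, sketched as an added example (not part of the ticket and not rules published by the Tor Project): it builds an exemption set from consensus "r" lines and places it ahead of the transparent redirect. The interface `wlan0`, TransPort `9040`, the set name `tor_relays` and the sample consensus lines are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample in the consensus "r" line layout (the last three fields
# are IP, ORPort, DirPort). Addresses come from documentation ranges.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2012-09-09 20:00:00 192.0.2.10 9001 9030
s Fast Running Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC 2012-09-09 20:00:00 198.51.100.7 443 0
r badip DDDDDDDDDDDDDDDDDDDDDDDDDDD 2012-09-09 20:00:00 not-an-ip 9001 0
r noport EEEEEEEEEEEEEEEEEEEEEEEEEEE 2012-09-09 20:00:00 203.0.113.5 0 0
r local FFFFFFFFFFFFFFFFFFFFFFFFFFF 2012-09-09 20:00:00 127.0.0.1 9001 0
"""


def relay_endpoints(consensus_text):
    """Return the set of (ip, orport) pairs found in valid "r" lines."""
    endpoints = set()
    for line in consensus_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] != "r":
            continue
        try:
            ip = ipaddress.IPv4Address(fields[-3])
            port = int(fields[-2])
        except ValueError:
            continue  # malformed entry: never widen the bypass on bad input
        if ip.is_loopback or ip.is_multicast or ip.is_unspecified:
            continue
        if 0 < port < 65536:
            endpoints.add((str(ip), port))
    return endpoints


def bypass_rules(endpoints, iface="wlan0", trans_port=9040, set_name="tor_relays"):
    """Emit ipset/iptables commands: exempt relay ORPorts, redirect the rest."""
    rules = [f"ipset create {set_name} hash:ip,port -exist"]
    rules += [f"ipset add {set_name} {ip},tcp:{port} -exist"
              for ip, port in sorted(endpoints)]
    # Order matters: the RETURN exemption must precede the catch-all REDIRECT.
    rules.append(f"iptables -t nat -A PREROUTING -i {iface} -p tcp "
                 f"-m set --match-set {set_name} dst,dst -j RETURN")
    rules.append(f"iptables -t nat -A PREROUTING -i {iface} -p tcp --syn "
                 f"-j REDIRECT --to-ports {trans_port}")
    return rules


if __name__ == "__main__":
    print("\n".join(bypass_rules(relay_endpoints(SAMPLE_CONSENSUS))))
```

The set is only as good as the relay list behind it: it has to be rebuilt from each fresh, verified consensus, since a stale list blocks clients and a tampered one opens direct paths around the redirect.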

