[tor-bugs] #6937 [Tor Client]: SocksPipe or SocksSocket - an anonymous pipe to smoke network leakings bug out (of)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat Sep 22 09:20:53 UTC 2012 

#6937: SocksPipe or SocksSocket - an anonymous pipe to smoke network leakings bug
out (of)
-------------------------+--------------------------------------------------
 Reporter:  ioerror      |          Owner:                    
     Type:  enhancement  |         Status:  new               
 Priority:  normal       |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor Client   |        Version:  Tor: unspecified  
 Keywords:  security     |         Parent:                    
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------
 It seems that to make use of some kernel filtering and sandboxing, we may
 want to explore alternate ways of performing IPC between Firefox/Pidgin
 /xmpp-client/Thunderbird/etc and Tor.

 I propose that we have a very small shim and call it ort. The job of ort
 would be to locate a named pipe (such as on windows, where it may be full
 duplex) or a Unix Domain Socket, connect to it and simply shuffle bytes
 between the application, ort and Tor. Tor would treat ort clients as SOCKS
 clients and effectively, we could ban applications for even being allowed
 to make any kind of network connections.

 AppArmor as an example it may allow or deny 'inet stream' or 'inet socket'
 but it will not do anything useful beyond allowing or denying. So if inet
 sockets are allowed, they may be for 8.8.8.8 or 127.0.0.1 - we need to
 allow the latter and so the former would potentially leak out.

 Most of the code for Unix Domain Sockets is already implemented in the
 ControlSocket code, I think. The named pipe or better yet, anonymous (!)
 pipes approach may be better, as well as more portable. On Solaris, I
 suppose we could use a door but I'm fairly certain that zero people would
 use it.

 In an ideal case, I think we'd want to use pipes as that would allow us to
 use ort to shim up any application, simply block all inet/inet6 socket
 calls and call it a day. In this way, we would also be able to create a
 different channels for special requests - such as DNS requests that aren't
 resolvable via SOCKS5 and Tor normally.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6937>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list