[tor-bugs] #6937 [Tor Client]: SocksPipe or SocksSocket - an anonymous pipe to smoke network leakings bug out (of)
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Sep 22 09:20:53 UTC 2012
#6937: SocksPipe or SocksSocket - an anonymous pipe to smoke network leakings bug
out (of)
-------------------------+--------------------------------------------------
Reporter: ioerror | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor Client | Version: Tor: unspecified
Keywords: security | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
It seems that to make use of some kernel filtering and sandboxing, we may
want to explore alternate ways of performing IPC between Firefox/Pidgin
/xmpp-client/Thunderbird/etc and Tor.
I propose that we have a very small shim and call it ort. The job of ort
would be to locate a named pipe (such as on windows, where it may be full
duplex) or a Unix Domain Socket, connect to it and simply shuffle bytes
between the application, ort and Tor. Tor would treat ort clients as SOCKS
clients and effectively, we could ban applications for even being allowed
to make any kind of network connections.
AppArmor as an example it may allow or deny 'inet stream' or 'inet socket'
but it will not do anything useful beyond allowing or denying. So if inet
sockets are allowed, they may be for 8.8.8.8 or 127.0.0.1 - we need to
allow the latter and so the former would potentially leak out.
Most of the code for Unix Domain Sockets is already implemented in the
ControlSocket code, I think. The named pipe or better yet, anonymous (!)
pipes approach may be better, as well as more portable. On Solaris, I
suppose we could use a door but I'm fairly certain that zero people would
use it.
In an ideal case, I think we'd want to use pipes as that would allow us to
use ort to shim up any application, simply block all inet/inet6 socket
calls and call it a day. In this way, we would also be able to create a
different channels for special requests - such as DNS requests that aren't
resolvable via SOCKS5 and Tor normally.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6937>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list