[tor-bugs] #2846 [Torify]: Patch GPG to support SOCKS proxies
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Sep 25 01:02:49 UTC 2012
#2846: Patch GPG to support SOCKS proxies
------------------------+---------------------------------------------------
Reporter: rransom | Owner: mikeperry
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: Torify | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
------------------------+---------------------------------------------------
Comment(by ioerror):
I tried to make it leak with the following ldap request:
{{{
gpg --keyserver ldap://keyserver.pgp.com --keyserver-options no-auto-key-
retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8119,debug,verbose
--search jacob at appelbaum.net
}}}
It leaks DNS:
{{{
DNS Standard query AAAA keyserver.pgp.com
DNS Standard query AAAA keyserver.pgp.com.localdomain
DNS Standard query A keyserver.pgp.com
}}}
I also tried with SOCKS:
{{{
gpg --keyserver ldap://keyserver.pgp.com --keyserver-options no-auto-key-
retrieve,no-try-dns-srv,http-
proxy=socks5-hostname://127.0.0.1:9050,debug,verbose --search
jacob at appelbaum.net
}}}
That also appears to break out of the proxy entirely. Epic.
I guess I might change my build suggestion above to something more
restrictive:
{{{
./configure \
--disable-dns-cert \
--disable-dns-pka \
--disable-dns-srv \
--disable-ldap
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2846#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list