[tor-bugs] #7836 [Tor]: Incorrect "non-loopback address" warnings

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 1 14:41:47 UTC 2013 

#7836: Incorrect "non-loopback address" warnings
-----------------------+----------------------------------------------------
 Reporter:  fk         |          Owner:                    
     Type:  defect     |         Status:  new               
 Priority:  trivial    |      Milestone:  Tor: unspecified  
Component:  Tor        |        Version:  Tor: 0.2.4.7-alpha
 Keywords:  tor-relay  |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------

Comment(by fk):

 Replying to [comment:1 nickm]:
 > Is there a good way for the program to detect when these addresses are
 local and when they aren't?

 If you mean whether or not the addresses belong to the jail the
 application is running in then yes.

 The application can check the security.jail.jailed sysctl to see if it's
 running in a jail and if it is, it knows that all visible IP addresses
 belong to the jail. 127.0.0.1 is special in a jail because binding to it
 transparently binds the application to the jail's IP address.

 Looking at lo1 from outside and inside the jail:
 {{{
 fk at r500 ~ $ifconfig lo1
 lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
         inet 192.168.6.100 netmask 0xffffff00
         inet 10.0.0.1 netmask 0xff000000
         inet 10.0.0.2 netmask 0xff000000
         inet 10.0.0.3 netmask 0xff000000
         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
 fk at r500 ~ $sudo jexec 1 sh -c "hostname; ifconfig lo1"
 tor-jail
 lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
         inet 10.0.0.2 netmask 0xff000000
 ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported
 }}}

 Having said that, I'm not sure why Tor should bother with this.

 I'd consider this bug fixed if:

 TransListenAddress 127.0.0.1
 SocksListenAddress 10.0.0.2
 ControlListenAddress 127.0.0.1

 would only result in a complaint about SocksListenAddress. I haven't
 looked at Tor's code, but I assume that this doesn't require any jail-
 specific code. If it does, I could probably provide it, though.

 Another fix would be to disable all these address checks after detecting
 that Tor is running in a jail and either logging nothing, or something
 generic like: "Tor is running in a jail and thus not be able to reliably
 warn about potentially dangerous binding addresses".

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7836#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list