[tor-bugs] #8117 [Tor]: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many apps
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 31 15:22:06 UTC 2013
#8117: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many
apps
-------------------------+--------------------------------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor | Version: Tor: 0.2.3.25
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Tor 0.2.3 is supposed to have SOCKS username+password isolation on by
default. But with Pidgin and other apps, vidalia still shows circuits
being shared between multiple apps using different SOCKS usernames and
passwords.
I dug in with Wireshark, and it looks like the problem for Pidgin is that
its SOCKS client handshake lists 2 "Client Authorization Methods": "No
authentication" and "Username/password". Tor's SOCKS port replies that it
only supports "No Authentication", so Pidgin doesn't send the username and
password at all!
Tor should reply that it supports "Username/password" in this case if the
SOCKS isolation feature is enabled.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8117>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list