[tor-bugs] #8117 [Tor]: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many apps

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Mar 23 20:50:10 UTC 2013


#8117: Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many
apps
-----------------------------------------------+----------------------------
 Reporter:  cypherpunks                        |          Owner:                    
     Type:  defect                             |         Status:  needs_review      
 Priority:  major                              |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor                                |        Version:  Tor: 0.2.3.25     
 Keywords:  tor-client isolation 023-backport  |         Parent:                    
   Points:                                     |   Actualpoints:                    
-----------------------------------------------+----------------------------

Comment(by sysrqb):

 This works well, at least for a non-broken app. I was initially uncertain
 about Tor only respecting socks_prefer_no_auth if NoAuth was send by the
 client. I'm wonder if there are any commonly used and Socks5-broken apps
 that say they only support u+p if they are configured with a username and
 password. If this was the case, then Tor would still reply to use u+p
 because NoAuth was not a client-supported method. There's not much Tor can
 do in this case, though, if the app doesn't know how to handle the
 response.

 On a different note, how do you feel about creating isolated circuits for
 connections from apps that said they support u+p but Tor responded with
 NoAuth because PreferSOCKSNoAuth was set?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8117#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list