[tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Dec 20 12:30:27 UTC 2015
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
--------------------+------------------------------
Reporter: s7r | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.???
Component: Tor | Version: Tor: 0.2.7.6
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
--------------------+------------------------------
Comment (by yawning):
Replying to [comment:3 s7r]:
> While bind to whatever/default is good and wanted for DirPort and ORPort
> it's very not wanted for SocksPort, ControlPort, ExtORPort and other ports
> opened by Tor which are not meant to be open publicly.
ExtOR being open to the world is... odd but won't be game breaking since
it doesn't allow anything apart from serving as a sink for PT traffic (and
it's authenticated similar to ControlPort with cookie auth).
> teor I think if ControlPort <public IP>:<port> is manually and
> explicitly set we should assume that the user knows what he is doing and
> proceed, or be very protective and decide he'd rather not?
The former, but warn loudly that it's a bad idea, probably?
In an ideal world, we'd deprecate binding the ControlPort to non-AF_UNIX
sockets where AF_UNIX is available (because it is that big of a foot + gun
hazard), but I expect that to be a non-starter just for legacy reasons,
unfortunately.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17901#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
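
An added example, not part of the ticket or of Tor's code: a small torrc audit that flags SocksPort, ControlPort and ExtORPort lines that do not pin a loopback address or an AF_UNIX socket. The sample torrc, the socket path and the verdict names are constructed for illustration; the "implicit" verdict marks a bare port or `auto`, where the address is left to Tor, which is the case this ticket reports.

```python
import ipaddress

# Listeners the thread says are not meant to be open publicly.
LOCAL_ONLY = {"socksport", "controlport", "extorport"}

def classify(value):
    """Return how a torrc port value binds: unix, disabled, implicit,
    loopback, non-loopback or unresolved."""
    target = value.split()[0]               # ignore trailing flags
    if target.lower().startswith("unix:"):
        return "unix"                       # AF_UNIX socket, no TCP exposure
    if target == "0":
        return "disabled"
    if target.lower() == "auto" or target.isdigit():
        return "implicit"                   # Tor picks the address (the ticket's case)
    host = target.rsplit(":", 1)[0].strip("[]")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unresolved"                 # hostname: needs resolving on the host
    return "loopback" if addr.is_loopback else "non-loopback"

def audit(torrc_text):
    """Return (line_no, option, value, verdict) for listeners to review."""
    findings = []
    for no, raw in enumerate(torrc_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)   # drop comments
        if len(parts) != 2 or parts[0].lower() not in LOCAL_ONLY:
            continue
        verdict = classify(parts[1])
        if verdict in ("implicit", "non-loopback", "unresolved"):
            findings.append((no, parts[0], parts[1].strip(), verdict))
    return findings

# Constructed sample torrc, not taken from the ticket.
SAMPLE = """\
ORPort 9001
SocksPort 127.0.0.1:9050
ControlPort 9051
ControlPort 203.0.113.5:9051   # explicit non-loopback bind
ControlPort unix:/run/tor/control
SocksPort [::1]:9150 IsolateDestAddr
ExtORPort auto
"""

if __name__ == "__main__":
    for no, opt, val, verdict in audit(SAMPLE):
        print(f"line {no}: {opt} {val} -> {verdict}")
```
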