[tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 22 16:55:43 UTC 2015
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
---------------------------------------+-----------------------------------
Reporter: s7r | Owner:
Type: defect | Status: new
Priority: High | Milestone: Tor:
Component: Tor | 0.2.8.x-final
Severity: Major | Version: Tor: 0.2.7.6
Keywords: 027-backport 026-backport | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
---------------------------------------+-----------------------------------
Comment (by s7r):
I think we should automatically disable ControlPort, ExtORPort, TransPort
and DNSPort if we have no `lo` interface (127.0.0.1 localhost address) and
they are set with just the port number or auto. If the setting for them is
<pulic IP / NAT IP>:<port> we assume it's wanted and expected to be open
there and proceed, but with loud warnings that it's a terrible idea. Maybe
we should require authentication for ControlPort if opened on public / nat
IP or quit otherwise? Not entirely sure if it's worth it.
For ORPort and DirPort binding to whatever IP address it sees is fine, we
shouldn't change the behavior for these two, so whatever fixes we apply
should be related to `ControlPort` `TransPort` `DNSPort` `ExtORPort` and
`SocksPort`. Hope I didn't miss anything.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17901#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list