[tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 29 03:56:21 UTC 2015
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
---------------------------------------+-----------------------------------
 Reporter:  s7r                        |          Owner:  teor
     Type:  defect                     |         Status:  assigned
 Priority:  High                       |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor                        |
 Severity:  Major                      |        Version:  Tor: 0.2.7.6
 Keywords:  027-backport 026-backport  |     Resolution:
Parent ID:                             |  Actual Points:
  Sponsor:                             |         Points:
---------------------------------------+-----------------------------------
Changes (by teor):
* owner: => teor
* status: new => assigned
Comment:
 To summarise, I think we need to implement the following changes:
 * For every *Port that currently listens on 127.0.0.1 by default:
   * ControlPort TransPort/NATDPort DNSPort ExtORPort SocksPort
 * If there is no 127.0.0.0/8 on the server, reject the *Port with a
   warning that tells the user to supply an explicit IP address if they
   really want their *Port listening on a non-local address.
 * Bind all *Ports to:
   * The first IPv4 address that "localhost" resolves to, as long as it is
     in 127.0.0.0/8, or 127.0.0.1 by default
   * This ensures that configurations that have localhost on an alternate
     address in 127.0.0.0/8 continue to work (this is another common BSD
     jail config)

 This issue may also affect HiddenServicePort, which defaults to connecting
 to 127.0.0.1. We should check that it fails if there is no 127.0.0.1, and
 the warning is helpful. If so, the current behaviour is fine.

 I can make these changes along with #11360.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17901#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
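
The default-address policy proposed in the comment above, sketched in C as an added example (not Tor's code and not part of the ticket). All function names are hypothetical, and the probe bind followed by getsockname() is an assumed way to decide that the server has no usable 127.0.0.0/8 address.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* True if addr (network byte order) lies in 127.0.0.0/8. */
static int in_loopback_net(struct in_addr addr) {
    return (ntohl(addr.s_addr) >> 24) == 127;
}

/* Policy as read here: use the first IPv4 address "localhost" resolved to
 * if it is inside 127.0.0.0/8, otherwise fall back to 127.0.0.1. */
static struct in_addr pick_default_addr(const struct in_addr *resolved, size_t n) {
    struct in_addr fallback = { htonl(INADDR_LOOPBACK) };
    return (n > 0 && in_loopback_net(resolved[0])) ? resolved[0] : fallback;
}

/* Assumed check: bind a probe socket (port 0) and confirm with getsockname()
 * that the kernel reports an address inside 127.0.0.0/8. 0 if so, else -1. */
static int bound_in_loopback(struct in_addr addr) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_addr = addr }, got = { 0 };
    socklen_t len = sizeof got;
    int ok, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    ok = bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
         getsockname(fd, (struct sockaddr *)&got, &len) == 0 &&
         in_loopback_net(got.sin_addr);
    close(fd);
    return ok ? 0 : -1;
}

/* Returns 0 and fills *out, or -1: reject the *Port and warn the operator. */
int default_listener_addr(struct in_addr *out) {
    struct addrinfo hints = { 0 }, *res = NULL;
    hints.ai_family = AF_INET;
    *out = pick_default_addr(NULL, 0);
    if (getaddrinfo("localhost", NULL, &hints, &res) == 0 && res) {
        *out = pick_default_addr(&((struct sockaddr_in *)res->ai_addr)->sin_addr, 1);
        freeaddrinfo(res);
    }
    return bound_in_loopback(*out);
}

int main(void) {
    struct in_addr a;
    return default_listener_addr(&a) == 0 ? 0 : 1; /* 1: reject and warn */
}
```

An explicitly configured address would bypass this path entirely; the check applies only when the listener address is left at its default.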