[tor-bugs] #17610 [Tor]: Merge ExitPolicyRejectPrivate changes into 0.2.6.10
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 17 02:03:26 UTC 2015
#17610: Merge ExitPolicyRejectPrivate changes into 0.2.6.10
-------------------------------------------------+-------------------------
Reporter: teor | Owner:
Type: defect | Status:
Priority: High | needs_review
Component: Tor | Milestone: Tor:
Severity: Normal | 0.2.6.x-final
Keywords: TorCoreTeam201511, security, | Version: Tor:
026-backport | unspecified
Parent ID: #17027 | Resolution:
Sponsor: | Actual Points:
| Points:
-------------------------------------------------+-------------------------
Comment (by teor):
Please see my branch bug17027-reject-private-all-interfaces-v2-026 on
https://github.com/teor2345/tor.git
Instead of doing the large refactor to generate a list of interface
addresses, it uses the get_interface_address6 function from 0.2.6 to
reject the first discovered public interface address. It also blocks the
relay's configured IPv6 (ORPort) address.
This covers the majority of exits, while making minimal changes to
maint-0.2.6.
Some multihomed exits may need to update to 0.2.7 or 0.2.8, or make manual
changes to the exit policy in their torrcs to block all publicly routable
addresses on the relay.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17610#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list