[tor-bugs] #17901 [Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 3 16:37:10 UTC 2016
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
---------------------------------------+-----------------------------------
Reporter: s7r | Owner: teor
Type: defect | Status: needs_information
Priority: High | Milestone: Tor:
Component: Tor | 0.2.8.x-final
Severity: Major | Version: Tor: 0.2.6.10
Keywords: 027-backport 026-backport | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
---------------------------------------+-----------------------------------
Comment (by s7r):
Agree with teor here.
Even if it's not standard, I think we can safely call it at least common
practice that 127.0.0.1 will ensure port is not accessible from outside
that box. We can't have Tor rely on independent OS firewalls that need
extra configuration. Detecting and closing the port in such cases unless
the user explicitly confirms that he knows what he's doing seams like a
good approach to me.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17901#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list