[tor-bugs] #18123 [Tor]: Avoid a local port-stealing attack on Windows
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 21 22:30:30 UTC 2016
#18123: Avoid a local port-stealing attack on Windows
------------------------+------------------------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Keywords: security 027-backport 026-backport
Actual Points: | Parent ID:
Points: | Sponsor:
------------------------+------------------------------------------------
On Windows, Tor is vulnerable to a port-stealing attack described on this
StackOverflow post under the "Windows" heading:
https://stackoverflow.com/questions/14388706/socket-options-so-reuseaddr-
and-so-reuseport-how-do-they-differ-do-they-mean-t
In short, another app can set SO_REUSEADDR, then bind to a port that Tor
is already bound to, stealing all future connections to Tor.
Therefore, I think we should set SO_EXCLUSIVEADDRUSE on all listener
sockets on Windows, which prevents this attack.
We could do this near make_socket_reusable in connection_listener_new.
make_socket_reusable already has a comment about this issue.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18123>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list