[tor-bugs] #18156 [Tor]: Add a torrc flag to disable ADD_ONION creation.

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 27 00:39:37 UTC 2016


#18156: Add a torrc flag to disable ADD_ONION creation.
-------------------------+---------------------
 Reporter:  cypherpunks  |          Owner:
     Type:  defect       |         Status:  new
 Priority:  Medium       |      Milestone:
Component:  Tor          |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+---------------------

Comment (by cypherpunks):

 Hi atagar, I could be very much wrong about this, but I'm concerned about
 ADD_ONION because with the help of legitimate but buggy third party
 software, it can bypass my firwall rules and hook up to my ssh server, or
 mail server or local network and potentially make me part of a bot net or
 worse, instead of just hooking up to the buggy applications listening
 port. And there isn't really an easy way of seeing it. #18157

 I don't know if SETCONF or SETEVENTS can do that.

 I'm all for the read-only control port. I hope it is considered.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18156#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list