[tor-bugs] #17788 [Tor]: Block local addresses for rendezvous on RSOS servers

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jan 31 23:39:11 UTC 2016


#17788: Block local addresses for rendezvous on RSOS servers
-------------------------------------+------------------------------------
 Reporter:  teor                     |          Owner:  teor
     Type:  defect                   |         Status:  assigned
 Priority:  Medium                   |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor                      |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  TorCoreTeam201602, rsos  |  Actual Points:
Parent ID:  #17178                   |         Points:
  Sponsor:                           |
-------------------------------------+------------------------------------

Comment (by teor):

 I need to merge dgoulet's bug8976_01_028 from #8976 and my
 feature-17178-rsos from #17178, then add the following two options:
 * RendPolicy (like ExitPolicy, but for HS & RSOS, mainly useful for RSOS)
 * RendPolicyRejectPrivate (like ExitPolicyRejectPrivate, but for HS &
 RSOS)

 While I'm doing this, I'm happy to update dgoulet's branch to block
 tor_addr_is_multicast() and tor_addr_is_internal() when
 RendPolicyRejectPrivate is set (default 0, in test networks defaults to
 1).

 We need to warn if RendPolicyRejectPrivate is 0 on a non-test network.
 We also need to warn if RendPolicy is set on a HS, as a small set of rend
 points can lead to loss of anonymity.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17788#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list