[tor-bugs] #6359 [Applications/TorBirdy]: make use of stream isolation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 29 18:19:06 UTC 2016
#6359: make use of stream isolation
-----------------------------------+-------------------------
Reporter: proper | Owner: ioerror
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: Applications/TorBirdy | Version:
Severity: Normal | Resolution: wontfix
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------+-------------------------
Changes (by adrelanos):
* severity: => Normal
Comment:
Replying to [comment:3 tagnaq]:
> Replying to [ticket:6359 proper]:
> > TorBirdy should not use the same circuit that any other torified
applications may use.
>
> Although that is an adorable goal I wouldn't know of a way that
application A can prevent application B from using the same
Socks/TransparentPort or same SOCKS auth. cred.
>
> We can try but TorBirdy probably can't guarantee that nobody else is
using the same stream.
No need to guarantee that, which is not possible indeed. However, TorBirdy
using {{{socks 127.0.0.1:9150}}} while another application is using the
same {{{socks 127.0.0.1:9150}}} is bad. Not that unlikely, since it is the
default TBB socks port that users and other applications tend to re-use.
I suggest TorBirdy should use {{{socks 127.0.0.1:9150 with socks auth
TorBirdy_<small random string>}}}. Then it would be stream isolated from
another arbitrary application using plain {{{socks 127.0.0.1:9150}}}.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6359#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list