[tor-bugs] #18156 [Tor]: Add a torrc flag to disable ADD_ONION creation.

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 23 19:25:18 UTC 2016 

#18156: Add a torrc flag to disable ADD_ONION creation.
-----------------------------+------------------------------
 Reporter:  cypherpunks      |          Owner:
     Type:  defect           |         Status:  closed
 Priority:  Medium           |      Milestone:  Tor: 0.2.???
Component:  Tor              |        Version:
 Severity:  Normal           |     Resolution:  wontfix
 Keywords:  tor-hs, control  |  Actual Points:
Parent ID:                   |         Points:
 Reviewer:                   |        Sponsor:  SponsorR-can
-----------------------------+------------------------------
Changes (by dgoulet):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 After discussion on #tor-dev, with an open control port, if an attacker is
 able to give it command, you are doomed by design.

 The correct but very difficult way to fix this would be to have a control
 command filter that is a subset of commands that could be consider "safe"
 which is a `HARD` problem to solve because it depends heavily on the
 thread model of the user/app. See ticket #8369 about this.

 Closing this one as wontfix.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18156#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list