[tor-bugs] #8976 [Tor]: rend_service_introduce() doesn't notice if the rendezvous point is on 127.0.0.1
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 29 13:36:41 UTC 2016
#8976: rend_service_introduce() doesn't notice if the rendezvous point is on
127.0.0.1
---------------------------------+------------------------------------
Reporter: arma | Owner: teor
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.3.21-rc
Severity: Normal | Resolution:
Keywords: tor-hs 027-backport | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: SponsorR-must
---------------------------------+------------------------------------
Comment (by andrea):
Hmmm - seems hard to imagine what conceivable attack could use such a
rendezvous address, since if it did go as far as trying to build a circuit
to one, it would be from some relay picked by the HS Tor and not under
attacker control, and not from the HS Tor's location. Is there a
differential behavior in that case depending on whether the address is
reachable, though?
I was leaning toward don't-backport on this one since there didn't seem to
be any plausible exploitability; do you really think there might be
something going on, teor?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8976#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list