[tor-bugs] #22461 [Core Tor/Tor]: Tor emits inaccurate safesocks warning event whenever you visit a naked IP address

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 1 00:04:57 UTC 2017


#22461: Tor emits inaccurate safesocks warning event whenever you visit a naked IP
address
--------------------------+---------------------
 Reporter:  arma          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+---------------------

Comment (by arma):

 To be clear, the problem to warn about is when an application is using a
 fundamentally unsafe variant of socks -- e.g. socks4 rather than socks4a,
 or socks5-with-ip-address rather than socks5-with-fqdn.

 If the application is correctly using socks5-with-fqdn, yet the address
 that gets asked for is a string that happens to be an ipv4 address, I
 think everything is going according to plan.

 (I acknowledge that there could be edge cases where the user has set up
 some complex machinery to do resolves some other unsafe way, and then pass
 them to an application that does the correct sort of variant of socks. But
 I don't think it's our place for Tor to warn in that case.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22461#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list