[tor-bugs] #22572 [Core Tor/Tor]: please don't kill WarnUnsafeSocks option

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jun 18 16:17:07 UTC 2017


#22572: please don't kill WarnUnsafeSocks option
--------------------------+------------------------------------
 Reporter:  starlight     |          Owner:
     Type:  defect        |         Status:  reopened
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.9.2-alpha
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by starlight):

 Seems to me the issues are related, but a difference exists.  Bug #22461
 talks about making SOCKS5 requests of a naked IP address.  In this case I
 sometimes direct DNS requests to Google DNS.

 Here DNS payloads are traversing SOCKS which contain naked IP addresses,
 and apparently it does not matter if the DNS server is specified via IP
 address or DNS name.

 For example

 {{{
 $ torsocks dig +tcp +short @google-public-dns-a.google.com google-public-
 dns-b.google.com
 8.8.4.4
 }}}

 still produces

 {{{
 650 STATUS_CLIENT WARN DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=8.8.8.8:53
 }}}

 If one submits the request in more usual fashion


 {{{
 $ torsocks dig +tcp +short @8.8.8.8 -x 8.8.4.4
 google-public-dns-b.google.com.
 }}}

 the result is one 650 warning, not two.

 with `WarnUnsafeSocks=0` no 650 warnings appear.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22572#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list