[tor-bugs] #22572 [Core Tor/Tor]: please don't kill WarnUnsafeSocks option
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jun 18 16:17:07 UTC 2017
#22572: please don't kill WarnUnsafeSocks option
--------------------------+------------------------------------
Reporter: starlight | Owner:
Type: defect | Status: reopened
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version: Tor: 0.2.9.2-alpha
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by starlight):
Seems to me the issues are related, but a difference exists. Bug #22461
talks about making SOCKS5 requests of a naked IP address. In this case I
sometimes direct DNS requests to Google DNS.
Here DNS payloads are traversing SOCKS which contain naked IP addresses,
and apparently it does not matter if the DNS server is specified via IP
address or DNS name.
For example
{{{
$ torsocks dig +tcp +short @google-public-dns-a.google.com google-public-
dns-b.google.com
8.8.4.4
}}}
still produces
{{{
650 STATUS_CLIENT WARN DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=8.8.8.8:53
}}}
If one submits the request in more usual fashion
{{{
$ torsocks dig +tcp +short @8.8.8.8 -x 8.8.4.4
google-public-dns-b.google.com.
}}}
the result is one 650 warning, not two.
with `WarnUnsafeSocks=0` no 650 warnings appear.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22572#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list