[tor-bugs] #22794 [Applications/Tor Browser]: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 23 12:36:50 UTC 2018
#22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured.
-----------------------------------------------------------------+-------------------------
Reporter:   yawning                                              | Owner:         pospeselr
Type:       defect                                               | Status:        assigned
Priority:   Medium                                               | Milestone:
Component:  Applications/Tor Browser                             | Version:
Severity:   Normal                                               | Resolution:
Keywords:   tbb-security, tbb-sandboxing, TorBrowserTeam201801   | Actual Points:
Parent ID:  #20775                                               | Points:
Reviewer:                                                        | Sponsor:
-----------------------------------------------------------------+-------------------------
Comment (by yawning):

Really though, just look at `nsSOCKSIOLayer`.

1. All outgoing SOCKS connections made by firefox start out their lives
   as `AF_INET` sockets. (Assumption, firefox code gives me a headache, but
   it matches the trace output).
2. When firefox actually goes to connect to the proxy (`ConnectToProxy`),
   the `FixupAddressFamily` routine is called.
3. `FixupAddressFamily` checks to see if the proxy actually is reachable
   via an `AF_INET` socket, and if not, opens a new file descriptor with the
   correct domain.

What appears to have happened, judging from a cursory inspection of the file
history, was:

1. Back in the day, this was only expected to handle `AF_INET`, because
   "this IPng thing will never happen".
2. When `AF_INET6` support was required, it was kludged on this way.
3. When `AF_UNIX` (and Windows pipes or whatever that's also in the
   code) support was required, the kludge was enhanced.

Which is great if the only reason you want something like `AF_UNIX` is to
use an `AF_UNIX` socket for the hell of it, and not so great if you want to use
something like seccomp to prohibit `AF_INET`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22794#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
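
Added example, not from the ticket or from Firefox/Tor Browser code: a minimal seccomp-BPF filter that refuses `socket()` for `AF_INET`/`AF_INET6`, showing why a socket lifecycle that starts as `AF_INET` and is fixed up later fails under such a sandbox while opening `AF_UNIX` directly works. The function names, the `EACCES` action and the forked probe are assumptions for illustration; it assumes Linux on an architecture with a direct `socket` syscall (x86-64, aarch64).

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Illustrative policy: socket(AF_INET|AF_INET6, ...) fails with EACCES,
 * everything else is allowed. A production filter also validates
 * seccomp_data.arch and default-denies unknown syscalls. */
static int deny_inet_sockets(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 4),   /* not socket(): allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_INET, 1, 0),       /* domain == AF_INET: deny */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_INET6, 0, 1),      /* domain == AF_INET6: deny */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EACCES),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Probes in a forked child so the filter never applies to the caller.
 * Result bits: 1 = AF_INET creation was blocked, 2 = AF_UNIX creation worked;
 * -1 if the filter could not be installed. */
int probe_under_filter(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (deny_inet_sockets()) _exit(127);
        int r = 0;
        /* The comment above says every SOCKS connection starts like this. */
        if (socket(AF_INET, SOCK_STREAM, 0) < 0 && errno == EACCES) r |= 1;
        if (socket(AF_UNIX, SOCK_STREAM, 0) >= 0) r |= 2;
        _exit(r);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 127) return -1;
    return WEXITSTATUS(st);
}

int main(void) { printf("result=%d\n", probe_under_filter()); return 0; }
```

A result of 3 means the initial `AF_INET` socket never gets created, so code that relies on fixing the family up afterwards has to handle that failure or create the `AF_UNIX` descriptor first.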