[or-cvs] r11038: Warn about unsafe ControlPort configurations. (in tor/trunk: . src/or)

nickm at seul.org nickm at seul.org
Thu Aug 2 21:03:41 UTC 2007


Author: nickm
Date: 2007-08-02 17:03:40 -0400 (Thu, 02 Aug 2007)
New Revision: 11038

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/src/or/config.c
Log:
 r13919 at Kushana:  nickm | 2007-08-02 10:58:31 -0700
 Warn about unsafe ControlPort configurations.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r13919] on c95137ef-5f19-0410-b913-86e773d04f59

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-08-02 17:30:42 UTC (rev 11037)
+++ tor/trunk/ChangeLog	2007-08-02 21:03:40 UTC (rev 11038)
@@ -2,7 +2,10 @@
   o Major bugfixes (compilation):
     - Try to fix win32 compilation again: Improve checking for ipv6 types.
 
+  o Minor featuers (security):
+    - Warn about unsafe ControlPort configurations.
 
+
 Changes in version 0.2.0.4-alpha - 2007-08-01
   o Major security fixes:
     - Close immediately after missing authentication on control port;
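Review bot: "Minor featuers" on the added ChangeLog line is a typo for "Minor features"; this text ships with the release notes, so it is worth fixing before the next tag. The hunk also adds a second blank line before the "Changes in version 0.2.0.4-alpha" header, where the rest of the file separates version blocks with a single blank line.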

Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c	2007-08-02 17:30:42 UTC (rev 11037)
+++ tor/trunk/src/or/config.c	2007-08-02 21:03:40 UTC (rev 11038)
@@ -2884,6 +2884,37 @@
   if (options->HashedControlPassword && options->CookieAuthentication)
     REJECT("Cannot set both HashedControlPassword and CookieAuthentication");
 
+  if (options->ControlListenAddress) {
+    int all_are_local = 1;
+    config_line_t *ln;
+    for (ln = options->ControlListenAddress; ln; ln = ln->next) {
+      if (strcmpstart(ln->value, "127."))
+        all_are_local = 0;
+    }
+    if (!all_are_local) {
+      if (!options->HashedControlPassword && !options->CookieAuthentication) {
+        log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
+                 "connections from a non-local address.  This means that "
+                 "any program on the internet can reconfigure your Tor. "
+                 "That's so bad that I'm closing your ControlPort for you.");
+        options->ControlPort = 0;
+      } else {
+        log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
+                 "connections from a non-local address.  This means that "
+                 "programs not running on your computer can reconfigure your "
+                 "Tor.  That's pretty bad!");
+      }
+    }
+  }
+
+  if (options->ControlPort && !options->HashedControlPassword &&
+      !options->CookieAuthentication) {
+    log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
+             "has been configured.  This means that any program on your "
+             "computer can reconfigure your Tor.  That's bad!  You should "
+             "upgrade your Tor controller as soon as possible.");
+  }
+
   if (options->UseEntryGuards && ! options->NumEntryGuards)
     REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0");
 
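Review bot: the locality test `if (strcmpstart(ln->value, "127."))` treats every ControlListenAddress that does not begin with "127." as non-local, so a loopback address written in any other form (for example the IPv6 loopback, or a hostname that resolves to loopback, if the option accepts one) would trigger the warning and, with no HashedControlPassword or CookieAuthentication set, would also have ControlPort forced to 0. Consider deciding locality on the parsed address rather than on the string prefix. A second, smaller point: every other invalid combination in this function goes through REJECT(), while the unauthenticated non-local case only does `log_warn(...)` followed by `options->ControlPort = 0;`; a user who asked for a ControlPort and silently gets none may never see the warning, so REJECT() would be both more consistent and harder to miss.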