BlockNumericIPRequests patch (fwd)
Roger Dingledine
arma at mit.edu
Sat Mar 18 06:27:40 UTC 2006
On Sun, Mar 12, 2006 at 10:16:41PM +0000, Jason Holt wrote:
> >First, we already have a TestSocks config option:
>
> Actually, is it even necessary now that it always warns about IP-only
> connections?
TestSocks does something more than that -- it gives you a log message
when you are using a safe socks variant also. This is important because
of the third case -- you think you're using Tor safely but you're not
using Tor at all.
> >Second, even with your patch, an application using the wrong socks
> >version will do the DNS resolve, and then fail to work. So in a sense
> >it is broken in *both* respects now. Is this better behavior than before?
>
> Certainly, it's a tradeoff which must be evaluated. The fact that my
> option doesn't catch the problem until the DNS lookup has already happened
> is significant, and I've been thinking it should be documented. The option
> could also cause mysterious problems in applications that don't always do a
> DNS lookup (bittorrent, perhaps?).
Not necessarily -- the warnings are for when you use socks4 or the wrong
variant of socks5, not for when an IP address is given to Tor rather
than a hostname. So it doesn't affect this if the application sometimes
resolves it and sometimes doesn't.
> OTOH, in most cases, users would
> presumably not make their very first connection to a sensitive site after
> installing a new app or changing a configuration.
True.
> And, of course, it could be a significant advantage to have proactive
> rejection of potentially dangerous connections rather than leaving a log
> entry which may go unnoticed. Users are notoriously bad about auditing log
> entries.
Also true.
I had originally thought to merge TestSocks and this new variable, so
we have for example a tristate "ignore", "warn", "reject", but TestSocks
is more than just "ignore or warn", as I describe above.
So I propose that we add a new config option SafeSocks that does as you
describe -- when set to 1, it refuses connections that are using the
unsafe variants of socks. It defaults to 0. Sound like what everybody
wants?
--Roger
More information about the tor-dev
mailing list