[tor-dev] [RELEASE] Torsocks 2.0.0-rc4

Nick Mathewson nickm at freehaven.net
Tue Mar 4 13:36:13 UTC 2014


On Mar 4, 2014 4:26 AM, "Lunar" <lunar at torproject.org> wrote:
>
> David Goulet:
> > After a big code review from Nick and help from a lot of people
> > contributing and testing, this is the release candidate 4 for the new
> > torsocks.
>
> I was about to push the new version to Debian experimental, but it just
> breaks my SSH configuration too badly.
>
> The new version forbids listen() and accept().
>
> That means that at least SSH options ControlMaster, LocalForward, and
> DynamicForward will not work. Being able to multiplex connections
> (ControlMaster) is pretty crucial to keep sanity when working over
> hidden services. Forwarding options allow a simple way to
> tunnel TCP connections to a remote system through SSH over Tor.
>
> I am not sure what is the right move here. Perhaps allowing listen on
> Unix sockets and localhost? Or maybe allowing listen() entirely?

Those sound like good candidates for options. I think that listen-local is
probably safe*, but arbitrary listen is broken in enough use cases that it
should IMO be off by default.

*do we need to do anything about fds transferred over Unix sockets?
Probably.

Yrs,
-- 
Nick
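
An added example, not part of the original message and not torsocks code: one way a listen() wrapper could implement the "listen-local" policy discussed above, allowing Unix sockets and loopback addresses only. The helper names `listen_addr_is_local` and `fd_listen_allowed` are hypothetical, and treating IPv4-mapped loopback as local is an assumption.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not torsocks code): 1 if a socket bound to `sa` is
 * reachable only from this host (Unix socket or loopback), else 0. */
int listen_addr_is_local(const struct sockaddr *sa, socklen_t len)
{
    if (sa == NULL || len < (socklen_t)sizeof(sa_family_t))
        return 0;
    switch (sa->sa_family) {
    case AF_UNIX:
        return 1;
    case AF_INET: {
        struct sockaddr_in sin;
        if (len < (socklen_t)sizeof(sin)) return 0;
        memcpy(&sin, sa, sizeof(sin));
        return (ntohl(sin.sin_addr.s_addr) >> 24) == 127; /* 127.0.0.0/8 */
    }
    case AF_INET6: {
        struct sockaddr_in6 sin6;
        if (len < (socklen_t)sizeof(sin6)) return 0;
        memcpy(&sin6, sa, sizeof(sin6));
        if (IN6_IS_ADDR_LOOPBACK(&sin6.sin6_addr)) return 1;
        if (IN6_IS_ADDR_V4MAPPED(&sin6.sin6_addr)) /* ::ffff:127.x.y.z */
            return sin6.sin6_addr.s6_addr[12] == 127;
        return 0;
    }
    default:
        return 0; /* unknown family: refuse */
    }
}

/* What a listen() wrapper could ask before passing the call through.
 * An unbound TCP socket reports 0.0.0.0 and is refused: listen() on it
 * would make the kernel pick a port on the wildcard address. */
int fd_listen_allowed(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);
    memset(&ss, 0, sizeof(ss));
    if (getsockname(fd, (struct sockaddr *)&ss, &len) != 0)
        return 0; /* not a socket, or bad fd */
    return listen_addr_is_local((struct sockaddr *)&ss, len);
}
```

This check covers only the bind address; it does nothing about descriptors transferred over Unix sockets, the open question raised in the footnote.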