On Wed, Jan 07, 2009 at 07:03:03PM +0100, Sebastian Schmidt wrote:
[...]
> Why does TC tell me authentication is required even if it's switched
> off? Or is this the default reply if an unsupported command was
> given to it?

Even if authentication is turned off, the first command on the control connection needs to be "AUTHENTICATE" (or "PROTOCOLINFO"). This is a fix for a neat cross-protocol attack where the attacker tricks your web browser into talking to the control port and generating a string where most of the lines are ignored, up until the lines the attacker actually generated.

From control-spec.txt:

  Before the client has authenticated, no command other than
  PROTOCOLINFO, AUTHENTICATE, or QUIT is valid. If the controller sends
  any other command, or sends a malformed command, or sends an
  unsuccessful AUTHENTICATE command, or sends PROTOCOLINFO more than
  once, Tor sends an error reply and closes the connection.

-- 
Nick
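Added example (not part of the original message and not Tor's code): a toy Python model of the pre-authentication rule quoted from control-spec.txt above, fed a constructed browser-style HTTP request and a constructed controller session. The class name, the auth_ok callback and the reply strings are assumptions made for illustration.

```python
# Toy model of the pre-auth gate quoted from control-spec.txt.
# Not Tor's implementation; reply strings are illustrative only.
PRE_AUTH_ALLOWED = {"PROTOCOLINFO", "AUTHENTICATE", "QUIT"}

class ControlConn:
    def __init__(self, auth_ok):
        self.auth_ok = auth_ok            # hypothetical credential check
        self.authenticated = False
        self.closed = False
        self.seen_protocolinfo = False
        self.executed = []                # commands that ran after auth

    def _close(self, reply):
        self.closed = True
        return reply

    def feed_line(self, line):
        if self.closed:                   # nothing is read after the close
            return None
        parts = line.strip().split(None, 1)
        keyword = parts[0].upper() if parts else ""   # "" = malformed line
        arg = parts[1] if len(parts) > 1 else ""
        if not self.authenticated and keyword not in PRE_AUTH_ALLOWED:
            return self._close("514 Authentication required")
        if keyword == "QUIT":
            return self._close("250 closing connection")
        if self.authenticated:
            self.executed.append(keyword)
            return "250 OK"
        if keyword == "PROTOCOLINFO":
            if self.seen_protocolinfo:    # a second PROTOCOLINFO is an error
                return self._close("514 Authentication required")
            self.seen_protocolinfo = True
            return "250 OK"
        if not self.auth_ok(arg):         # keyword is AUTHENTICATE here
            return self._close("515 Authentication failed")
        self.authenticated = True
        return "250 OK"

def run(lines, auth_ok=lambda arg: True):  # default models "auth switched off"
    conn = ControlConn(auth_ok)
    replies = [r for r in map(conn.feed_line, lines) if r is not None]
    return replies, conn.executed

# Constructed inputs: what a browser would emit vs. what a controller sends.
BROWSER_POST = ["POST / HTTP/1.1", "Host: 127.0.0.1:9051", "",
                "AUTHENTICATE", "GETINFO version"]
CONTROLLER = ["PROTOCOLINFO 1", "AUTHENTICATE", "GETINFO version", "QUIT"]

if __name__ == "__main__":
    print(run(BROWSER_POST))
    print(run(CONTROLLER))
```

Because the browser cannot control the HTTP request line, the connection is closed on the first line and the later AUTHENTICATE in the body is never read, even with authentication switched off.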

