Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2018-03-14 Thread Tor Bug Tracker & Wiki
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
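-------------------------------------------------------+----------------------------------
 Reporter:  s7r                                        |          Owner:  (none)
     Type:  defect                                     |         Status:  new
 Priority:  High                                       |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                               |        Version:  Tor: 0.2.6.10
 Severity:  Major                                      |     Resolution:
 Keywords:  tor-control misconfiguration security easy |  Actual Points:
Parent ID:                                             |         Points:  3
 Reviewer:                                             |        Sponsor:
-------------------------------------------------------+----------------------------------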

Comment (by fristonio):

 Ok, I will wait until the code is tested and yes I would love to help test
 them. :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2018-03-13 Thread Tor Bug Tracker & Wiki
Changes (by yawning):

 * cc: yawning (removed)



Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2018-03-13 Thread Tor Bug Tracker & Wiki

Comment (by teor):

 Replying to [comment:49 fristonio]:
 > teor, other than changing some basic functions like `assert` to
 > `tor_assert`

 You should use a non-fatal assert, like `if (BUG(condition)) { return -1;
 }`.

 > `free` to `tor_free` should I also segregate IPv4 and IPv6 checks you
 > have implemented in `test_loopback_sockname` and `test_loopback_interface`
 > into different functions like one for IPv4 addresses and one for IPv6
 > ones?

 You can do that if you'd like. We usually use an `int family` flag to
 choose between IPv4 and IPv6 code, so that we are not repeating code.

 Please print a warning if the checks fail, and an info-level message if
 they succeed.

 Also, try to re-use the existing Tor code that scans interfaces and checks
 socknames. Because that's where I copied this code from.

 The test code was designed to inspect the interfaces on a machine, and
 print their addresses and flags. This patch stalled because I couldn't get
 anyone to run it in the relevant environments. I still haven't seen the
 output of the test code in any of the relevant environments. So there is
 no guarantee that it actually works. And I don't know which of the
 alternative sockname tests you should do.

 Maybe you should wait until mo and s7r run the attached code and report
 the results?
 Or maybe you could do it yourself if they give you a shell?


Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2018-03-13 Thread Tor Bug Tracker & Wiki

Comment (by fristonio):

 teor, other than changing some basic functions like `assert` to
 `tor_assert`, `free` to `tor_free`, should I also segregate IPv4 and IPv6
 checks you have implemented in `test_loopback_sockname` and
 `test_loopback_interface` into different functions like one for IPv4
 addresses and one for IPv6 ones?


Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2018-03-13 Thread Tor Bug Tracker & Wiki

Comment (by teor):

 To answer your question on #tor-dev:

 If you implement the new check as part of tor_addr_is_local(), add a
 for_listening flag like tor_addr_is_internal(), and put your new code
 behind that flag:
 https://gitweb.torproject.org/tor.git/tree/src/common/address.c#n353


Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2018-03-08 Thread Tor Bug Tracker & Wiki

Comment (by fristonio):

 Test it on FreeBSD and OpenVZ right?

 I can attach a patch here anyway, it seems like an interesting issue and
 maybe if s7r and mo can give me a container in their infrastructure I can
 test it there. :)


Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2018-03-08 Thread Tor Bug Tracker & Wiki

Comment (by teor):

 You can, but please be aware that it might not get merged if we don't have
 anyone to test it.

 We should do what we currently do if the control port is set to a public
 IP address:
 * check if the control port will bind to localhost
 * if not, warn the user that the control port should not be public


Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2018-03-08 Thread Tor Bug Tracker & Wiki

Comment (by fristonio):

 If I got the issue right then, since ControlPort offers total control over
 tor we should not let it bind when the port is publicly exposed or when
 there is no loopback interface available. So to implement this we need to
 use the functions attached here by teor and then check if loopback address
 is available when we bind ControlPort using these functions, and close tor
 if check fails with a warning that it is dangerous.

 Can I work on this?


Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2017-06-22 Thread Tor Bug Tracker & Wiki
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
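-------------------------------------------------------+----------------------------------
 Reporter:  s7r                                        |          Owner:
     Type:  defect                                     |         Status:  new
 Priority:  High                                       |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                               |        Version:  Tor: 0.2.6.10
 Severity:  Major                                      |     Resolution:
 Keywords:  tor-control misconfiguration security easy |  Actual Points:
Parent ID:                                             |         Points:  3
 Reviewer:                                             |        Sponsor:
-------------------------------------------------------+----------------------------------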
Changes (by nickm):

 * keywords:   => tor-control misconfiguration security easy



Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2016-08-12 Thread Tor Bug Tracker & Wiki
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
--------------------------+------------------------------
 Reporter:  s7r           |          Owner:
     Type:  defect        |         Status:  assigned
 Priority:  High          |      Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.6.10
 Severity:  Major         |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:  3
 Reviewer:                |        Sponsor:
--------------------------+------------------------------

Comment (by mo):

 I have OpenVZ infrastructure to test this, let me know when you need me.
 Can set up a container for you to play with also.


Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2016-08-12 Thread Tor Bug Tracker & Wiki

Comment (by s7r):

 I have a FreeBSD box with a fresh jail that has a public IP address
 assigned to it. I could add someone's ssh key to it if needed. Willing to
 help in testing as well. As for OpenVZ, I kind of hate it, but I'll check
 with gamambel and point him to this ticket as I recall they had some
 OpenVZ stuff in their infrastructure.


Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2016-08-10 Thread Tor Bug Tracker & Wiki
Changes (by teor):

 * milestone:  Tor: 0.2.9.x-final => Tor: 0.2.???


Comment:

 While it would be nice to have this fixed, we need someone with FreeBSD /
 OpenVZ to develop and test it.


Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2016-08-10 Thread Tor Bug Tracker & Wiki
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
--------------------------+------------------------------------
 Reporter:  s7r           |          Owner:
     Type:  defect        |         Status:  assigned
 Priority:  High          |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.6.10
 Severity:  Major         |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:  3
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Changes (by teor):

 * status:  new => assigned
 * owner:  teor =>


Comment:

 I don't have time to revise this in 0.2.9.


Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2016-05-04 Thread Tor Bug Tracker & Wiki
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
--------------------------+------------------------------------
 Reporter:  s7r           |          Owner:  teor
     Type:  defect        |         Status:  new
 Priority:  High          |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.6.10
 Severity:  Major         |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:  medium
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Changes (by teor):

 * status:  needs_information => new


Comment:

 The two checks are:
 * The interface for 127.0.0.1 must have the loopback flag set
 * Binding to 127.0.0.1 must actually bind to 127.0.0.1
 (And I still have to confirm the second check works on an actual FreeBSD
 jail.)



Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2016-05-04 Thread Tor Bug Tracker & Wiki
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
--------------------------+------------------------------------
 Reporter:  s7r           |          Owner:  teor
     Type:  defect        |         Status:  needs_information
 Priority:  High          |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.6.10
 Severity:  Major         |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:  medium
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Changes (by nickm):

 * milestone:  Tor: 0.2.??? => Tor: 0.2.9.x-final


Comment:

 Oh, wait, teor said he thinks this should go in.

 I think we can take it if we do a simple version where we exit if you
 don't have `lo`.



Re: [tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

2016-04-26 Thread Tor Bug Tracker & Wiki
#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
--------------------------+------------------------------------
 Reporter:  s7r           |          Owner:  teor
     Type:  defect        |         Status:  needs_information
 Priority:  High          |      Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.6.10
 Severity:  Major         |     Resolution:
 Keywords:  029-proposed  |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Changes (by nickm):

 * keywords:  027-backport, 026-backport => 029-proposed
 * milestone:  Tor: 0.2.8.x-final => Tor: 0.2.???

