From 1c513979fc578a6fe434e6bf459ab5643f82bd77 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 2 Aug 2007 21:03:40 +0000 Subject: [PATCH] r13919@Kushana: nickm | 2007-08-02 10:58:31 -0700 Warn about unsafe ControlPort configurations. svn:r11038 --- ChangeLog | 3 +++ src/or/config.c | 31 +++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/ChangeLog b/ChangeLog index e6d2e146fe..35d495429b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ Changes in version 0.2.0.5-alpha - 2007-??-?? o Major bugfixes (compilation): - Try to fix win32 compilation again: Improve checking for ipv6 types. + o Minor featuers (security): + - Warn about unsafe ControlPort configurations. + Changes in version 0.2.0.4-alpha - 2007-08-01 o Major security fixes: diff --git a/src/or/config.c b/src/or/config.c index e1af878de7..732bb0d784 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2884,6 +2884,37 @@ options_validate(or_options_t *old_options, or_options_t *options, if (options->HashedControlPassword && options->CookieAuthentication) REJECT("Cannot set both HashedControlPassword and CookieAuthentication"); + if (options->ControlListenAddress) { + int all_are_local = 1; + config_line_t *ln; + for (ln = options->ControlListenAddress; ln; ln = ln->next) { + if (strcmpstart(ln->value, "127.")) + all_are_local = 0; + } + if (!all_are_local) { + if (!options->HashedControlPassword && !options->CookieAuthentication) { + log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept " + "connections from a non-local address. This means that " + "any program on the internet can reconfigure your Tor. " + "That's so bad that I'm closing your ControlPort for you."); + options->ControlPort = 0; + } else { + log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept " + "connections from a non-local address. This means that " + "programs not running on your computer can reconfigure your " + "Tor. That's pretty bad!"); + } + } + } + + if (options->ControlPort && !options->HashedControlPassword && + !options->CookieAuthentication) { + log_warn(LD_CONFIG, "ControlPort is open, but no authentication method " + "has been configured. This means that any program on your " + "computer can reconfigure your Tor. That's bad! You should " + "upgrade your Tor controller as soon as possible."); + } + if (options->UseEntryGuards && ! options->NumEntryGuards) REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0");