mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
r13919@Kushana: nickm | 2007-08-02 10:58:31 -0700
Warn about unsafe ControlPort configurations. svn:r11038
parent
ba28346f2f
commit
1c513979fc
@ -2,6 +2,9 @@ Changes in version 0.2.0.5-alpha - 2007-??-??
|
||||
o Major bugfixes (compilation):
|
||||
- Try to fix win32 compilation again: Improve checking for ipv6 types.
|
||||
|
||||
o Minor featuers (security):
|
||||
- Warn about unsafe ControlPort configurations.
|
||||
|
||||
|
||||
Changes in version 0.2.0.4-alpha - 2007-08-01
|
||||
o Major security fixes:
|
||||
|
@ -2884,6 +2884,37 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
||||
if (options->HashedControlPassword && options->CookieAuthentication)
|
||||
REJECT("Cannot set both HashedControlPassword and CookieAuthentication");
|
||||
|
||||
if (options->ControlListenAddress) {
|
||||
int all_are_local = 1;
|
||||
config_line_t *ln;
|
||||
for (ln = options->ControlListenAddress; ln; ln = ln->next) {
|
||||
if (strcmpstart(ln->value, "127."))
|
||||
all_are_local = 0;
|
||||
}
|
||||
if (!all_are_local) {
|
||||
if (!options->HashedControlPassword && !options->CookieAuthentication) {
|
||||
log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
|
||||
"connections from a non-local address. This means that "
|
||||
"any program on the internet can reconfigure your Tor. "
|
||||
"That's so bad that I'm closing your ControlPort for you.");
|
||||
options->ControlPort = 0;
|
||||
} else {
|
||||
log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
|
||||
"connections from a non-local address. This means that "
|
||||
"programs not running on your computer can reconfigure your "
|
||||
"Tor. That's pretty bad!");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (options->ControlPort && !options->HashedControlPassword &&
|
||||
!options->CookieAuthentication) {
|
||||
log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
|
||||
"has been configured. This means that any program on your "
|
||||
"computer can reconfigure your Tor. That's bad! You should "
|
||||
"upgrade your Tor controller as soon as possible.");
|
||||
}
|
||||
|
||||
if (options->UseEntryGuards && ! options->NumEntryGuards)
|
||||
REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0");
|
||||
|
||||
|
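Review bot: The loopback test in the new ControlListenAddress loop, `if (strcmpstart(ln->value, "127."))`, is a text-prefix match on the configured string rather than a check on the address the listener will actually bind. If this option accepts hostnames (not visible in this hunk), a value that merely begins with `127.` would be counted as local and skip both warnings and the forced `options->ControlPort = 0`, while other spellings of loopback would be reported as remote. It would be safer to parse each value with the same routine the listener uses and test the resulting address against 127.0.0.0/8; until then, a comment such as `/* Text match only: assumes ln->value is a dotted-quad IPv4 literal. */` above the `strcmpstart` line would record the assumption. The block also runs when `options->ControlPort` is 0, so the warning can fire with the control port disabled; `if (options->ControlPort && options->ControlListenAddress) {` would avoid that. options_validate begins and ends outside the hunk.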