From bd0e400bc37bfca75e8ffd81a7266385bcd418f6 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 8 Jan 2009 14:07:05 +0000 Subject: [PATCH] AUTHENTICATE is really mandatory. No authentication is not quite the default. svn:r18024 --- doc/spec/control-spec.txt | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/doc/spec/control-spec.txt b/doc/spec/control-spec.txt index 093bf20a56..7c9bcea083 100644 --- a/doc/spec/control-spec.txt +++ b/doc/spec/control-spec.txt @@ -253,6 +253,10 @@ $Id$ command, or sends PROTOCOLINFO more than once, Tor sends an error reply and closes the connection. + To prevent some cross-protocol attacks, the AUTHENTICATE command is still + required even if all authentication methods in Tor are disabled. In this + case, the controller should just send "AUTHENTICATE" CRLF. + (Versions of Tor before 0.1.2.16 and 0.2.0.4-alpha did not close the connection after an authentication failure.) @@ -1591,7 +1595,9 @@ $Id$ 5.1. Authentication - By default, the current Tor implementation trusts all local users. + If the control port is open and no authentication operation is enabled, Tor + trusts any local user that connects to the control port. This is generally + a poor idea. If the 'CookieAuthentication' option is true, Tor writes a "magic cookie" file named "control_auth_cookie" into its data directory. To authenticate,