Opened 5 years ago

Closed 3 years ago

#16308 closed defect (fixed)

Attempts to resolve local hostname using tor

Reported by: leeroy Owned by: dgoulet
Priority: Medium Milestone:
Component: Core Tor/Torsocks Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When using torsocks 2.1.0 built from tarball, torsocks attempts to resolve the local machine's hostname using tor.

To reproduce: clone a git repository using torsocks

Result: clone is successful, but produces an error in torsocks after an attempt to resolve the machine's hostname:42 using tor.

ERROR torsocks[pid]: Unable to resolve. Status reply: 4 (in socks5_recv_resolve_reply() at socks5.c:666)

Child Tickets

Change History (7)

comment:1 Changed 5 years ago by leeroy

A workaround is to map the local machine's hostname to 127.0.0.1 using MAPADDRESS. This prevents the error from being generated (but only in a default config of course).

comment:2 Changed 5 years ago by yawning

Offhand I think the correct fix is to ensure that apps can't get the actual hostname/domainname (localhost.localdomain is a fine response), as applications running under torsocks have precisely 0 business in knowing this information. There's a bunch of things that would need to be stubbed for this to happen:

  • gethostname(3P)
  • getdomainname(2)
  • uname(2)
  • SYS_gethostname

comment:3 Changed 4 years ago by dgoulet

Severity: Normal
Status: newaccepted

comment:4 Changed 4 years ago by cypherpunks

Confused n00b here, getting this result too and hoping for clarification. Is this error message safe to ignore? Or does this mean git over Tor by way of torsocks is broken/unsafe and we should use another method to torify Git?

comment:5 Changed 4 years ago by cypherpunks

@n00b
The exit node will try to resolve your hostname via DNS. If your hostname is something generic like "localhost", "ubuntu", "debian", ... that's not an issue. If it's something unique, that's quite bad.

Another socksification method won't help (I don't think there is any that filters out DNS requests for the local hostname). Use a generic hostname like "localhost" and make sure to use an empty domain name or something generic like "localdomain".

"hostname --fqdn" will show your hostname + domain.

comment:6 Changed 3 years ago by cypherpunks

It isn't often a response as helpful and straightforward as this is given. Forgot to say: thanks.

comment:7 Changed 3 years ago by dgoulet

Resolution: fixed
Status: acceptedclosed

Seems everything has been figured out? Please re-open if not.

Note: See TracTickets for help on using tickets.