Opened 5 years ago

Closed 4 years ago

#17070 closed defect (fixed)

".local" is mDNS for the local network, but tor assumes localhost

Reported by: teor
Owned by: jryans
Priority: Medium
Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: security lorax doc
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


tor_addr_hostname_is_local labels hostnames ending in ".local" as resolving to the loopback address. But ".local" is used for multicast DNS, so some names ending in ".local" may be on the local network(s), and not on or ::1 or the associated netblocks.

However, the current implementation is probably doing the right thing anyway, as allowing ".local" over SOCKS/Tor could open up access to servers or devices on Exit relays' local networks, which has security implications.

This may require a documentation change, or perhaps refactoring and review of all uses of tor_addr_hostname_is_local to see if they want only localhost, or local networks as well.
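As an added illustration (my own code, not Tor's tor_addr_hostname_is_local and not the patch from this ticket), a hypothetical classifier that keeps the two meanings of "local" apart, loopback versus mDNS on the local network, and a client-side policy that, like the ClientRejectInternalAddresses behaviour discussed here, refuses both kinds of name before they could be handed to an exit:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical classification (not Tor's API). */
typedef enum {
  HOST_SCOPE_NONE = 0,   /* ordinary name, resolved wherever the stream exits */
  HOST_SCOPE_LOOPBACK,   /* resolves to the loopback interface */
  HOST_SCOPE_LINK_LOCAL  /* mDNS: resolves on whichever local network does it */
} host_scope_t;

/* Case-insensitive test that name ends with suffix on a label boundary,
 * so "foolocal" does not match ".local" but "printer.local" does. */
static int ends_with_label(const char *name, const char *suffix) {
  size_t n = strlen(name), s = strlen(suffix);
  if (n < s) return 0;
  if (n > s && name[n - s - 1] != '.') return 0;
  for (size_t i = 0; i < s; i++)
    if (tolower((unsigned char)name[n - s + i]) !=
        tolower((unsigned char)suffix[i]))
      return 0;
  return 1;
}

host_scope_t hostname_scope(const char *hostname) {
  char buf[256];
  size_t n = strlen(hostname);
  if (n == 0 || n >= sizeof(buf)) return HOST_SCOPE_NONE;
  memcpy(buf, hostname, n + 1);
  if (buf[n - 1] == '.') buf[n - 1] = '\0';  /* strip trailing root dot */
  if (ends_with_label(buf, "localhost")) return HOST_SCOPE_LOOPBACK;
  if (ends_with_label(buf, "local")) return HOST_SCOPE_LINK_LOCAL;
  return HOST_SCOPE_NONE;
}

/* Client-side policy: a name that is "local" in either sense would be
 * resolved in the exit relay's context, not the client's, so both
 * scopes are rejected before a SOCKS request becomes a stream. */
int client_rejects_hostname(const char *hostname) {
  return hostname_scope(hostname) != HOST_SCOPE_NONE;
}

int main(void) {
  /* constructed sample names */
  const char *samples[] = {"localhost", "printer.local", "Printer.LOCAL.",
                           "foolocal", "example.com"};
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    printf("%-16s -> %s\n", samples[i],
           client_rejects_hostname(samples[i]) ? "reject" : "allow");
  return 0;
}
```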

Change History (11)

comment:1 Changed 5 years ago by nickm

Keywords: lorax added
Milestone: Tor: 0.2.8.x-final → Tor: 0.2.???

comment:2 Changed 5 years ago by nickm

Move a few tickets out of 0.2.8. I would take a good patch for most of these if somebody writes one. (If you do, please make the ticket needs_review and move it back into maint-0.2.8 milestone. :) )

comment:3 Changed 4 years ago by nherring

Severity: Blocker

The only caller appears to be in connection_ap_handshake_rewrite_and_attach in src/or/connection_edge.c. That said, I agree that the ".local" domain is context-specific and evaluating that in the context of the relay seems Bad™. I think "local" here is probably correct, it's just not localhost, but rather local-net. Is there anything to really do here?

comment:4 Changed 4 years ago by nickm

Severity: Blocker → Normal

comment:5 Changed 4 years ago by nickm

I think you may be right. There could be a documentation clarification fix to make here, I guess? What do you think, teor?

comment:6 Changed 4 years ago by teor

Keywords: doc added

I think we can update the documentation (function header and perhaps man page) to say that tor doesn't connect to '.local' addresses, and call this closed.

comment:7 Changed 4 years ago by teor

Milestone: Tor: 0.2.??? → Tor: 0.3.???

Milestone renamed

comment:8 Changed 4 years ago by jryans

Owner: set to jryans
Status: new → assigned

comment:9 Changed 4 years ago by jryans

Status: assigned → needs_review

I updated the function header for tor_addr_hostname_is_local and man page entry for ClientRejectInternalAddresses to describe that multicast DNS hostnames for machines on the local network (of the form *.local) are also rejected.

comment:10 Changed 4 years ago by teor

Milestone: Tor: 0.3.??? → Tor: 0.2.9.x-final
Status: needs_review → merge_ready

Looks good!
Sticking this in 0.2.9 because it's a documentation-only change.
(nickm, feel free to disagree.)

comment:11 Changed 4 years ago by nickm

Milestone: Tor: 0.2.9.x-final → Tor: 0.3.0.x-final
Resolution: fixed
Status: merge_ready → closed

Taking in 0.3.0; I think 0.2.9 has crossed the point where we should be treating it as "serious issues only". Thanks!
