Opened 4 years ago

Closed 3 years ago

#17610 closed defect (fixed)

Merge ExitPolicyRejectPrivate changes into 0.2.6.10

Reported by: teor
Owned by:
Priority: High
Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor
Version: Tor: unspecified
Severity: Normal
Keywords: security, 026-backport, 201512-deferred
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

ExitPolicyRejectPrivate now blocks configured outbound bind addresses and port addresses (such as ORPort and DirPort).

This is the task for merging the backported change into 0.2.6.10.

Please see my commit bug17027-reject-private-026-v4 on https://github.com/teor2345/tor.git

It's a single, squashed commit based on the tor-0.2.6.10 tag. This is my first backport; I'm not sure if I've done it right.

I excluded changes to the torrc files, but included unit tests (which pass).

(The branch for 0.2.7.4-rc is bug17027-reject-private-027-v4 in #17027.)

Change History (14)

comment:1 Changed 4 years ago by teor

Status: new → needs_review

comment:2 Changed 4 years ago by teor

Please see my branch bug17027-reject-private-all-interfaces-v2-026 on https://github.com/teor2345/tor.git

Instead of doing the large refactor to generate a list of interface addresses, it uses the get_interface_address6 function from 0.2.6 to reject the first discovered public interface address. It also blocks the relay's configured IPv6 (ORPort) address.

This covers the majority of exits, while making minimal changes to maint-0.2.6.
Some multihomed exits may need to update to 0.2.7 or 0.2.8, or make manual changes to the exit policy in their torrcs to block all publicly routable addresses on the relay.
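
For the manual torrc changes that comment:2 mentions for multihomed exits, an added example (not part of this ticket or of Tor's code) that turns a relay's address list into explicit reject lines. The sample addresses are constructed documentation-range values, and the `PRIVATE_ALIAS` ranges are an assumption based on the tor man page's description of the `private` policy alias.

```python
import ipaddress

# Assumption: ranges already covered by the "private" alias that
# ExitPolicyRejectPrivate applies, as listed in the tor man page.
PRIVATE_ALIAS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "169.254.0.0/16", "127.0.0.0/8", "192.168.0.0/16",
    "10.0.0.0/8", "172.16.0.0/12",
    "::/8", "fc00::/7", "fe80::/10", "fec0::/10", "ff00::/8",
)]

# Constructed sample: addresses as they might be collected from every
# interface of a multihomed exit (documentation ranges, not real hosts).
SAMPLE = ["127.0.0.1", "10.0.0.5", "203.0.113.10", "198.51.100.7",
          "fe80::1%eth0", "2001:db8::10", "203.0.113.10"]


def covered_by_private(addr):
    """True if the address falls in a range the private alias rejects."""
    return any(net.version == addr.version and addr in net
               for net in PRIVATE_ALIAS)


def reject_lines(addresses):
    """Return torrc ExitPolicy lines rejecting each publicly routable address."""
    lines, seen = [], set()
    for raw in addresses:
        # Fail closed: an unparseable address raises ValueError and aborts
        # the run instead of yielding a partial or malformed policy.
        addr = ipaddress.ip_address(raw.split("%")[0].strip())
        if addr in seen or covered_by_private(addr):
            continue
        seen.add(addr)
        if addr.version == 4:
            lines.append(f"ExitPolicy reject {addr}:*")
        else:
            lines.append(f"ExitPolicy reject6 [{addr}]:*")
    return lines


if __name__ == "__main__":
    print("\n".join(reject_lines(SAMPLE)))
```

Exit policy entries are matched first to last, so the generated lines belong before any accept lines in the torrc.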

comment:3 Changed 4 years ago by nickm

This seems like a fine idea. Were there any conflicts when you cherry-picked the patches, or did they cherry-pick cleanly?

comment:4 in reply to:  3 Changed 4 years ago by teor

Replying to nickm:

This seems like a fine idea. Were there any conflicts when you cherry-picked the patches, or did they cherry-pick cleanly?

They required a rewrite: the code for 0.2.6.10 is limited to the utility functions available in that release.

(get_interface_address_6 changed in 0.2.7, and then I refactored it further to return a list. The dependencies were too much to backport to 0.2.6. So 0.2.6 uses a get_interface_address_6 that returns a single interface address. The rewritten code blocks this one address, rather than blocking an entire list like in 0.2.7 / master.)

comment:5 Changed 4 years ago by teor

If we can't test this code in master or 0.2.7, do we really want to backport it to 0.2.6?

comment:6 Changed 4 years ago by teor

Keywords: TorCoreTeam201512 added; TorCoreTeam201511 removed

(Give the similar code in #17027 another month's testing in master.)

comment:7 Changed 4 years ago by teor

This code should NOT be merged to 0.2.6 in its current state. It causes (parts of) the exit policy to be discarded when tor_addr_to_str returns "???". See #17762 for details.

If we do want to merge it to 0.2.6, we need to reimplement it using:

  • addr_policy_append_reject_addr (existing?)
  • tor_addr_is_public_for_reject (from 0.2.8)

comment:8 Changed 4 years ago by teor

Status: needs_review → needs_revision

comment:9 Changed 4 years ago by teor

Status: needs_revision → needs_review

This code already uses addr_policy_append_reject_addr; it does not suffer from the issue in #17762.

It is ok to merge bug17027-reject-private-026-v4 into maint-0.2.6.

Please note that the code differs slightly from what's in 0.2.7 and master, because we didn't backport new utility functions and refactoring to 0.2.6.

comment:10 Changed 4 years ago by nickm

Keywords: TorCoreTeam201601 201512-deferred added; TorCoreTeam201512 removed

Perhaps in January?

comment:11 Changed 4 years ago by nickm

Bulk-modify: It is February 2016, and no longer possible that anything else will get done in January 2016. Time's arrow and all that.

comment:12 Changed 4 years ago by nickm

Keywords: TorCoreTeam201602 added; TorCoreTeam201601 removed

comment:13 Changed 4 years ago by nickm

Keywords: TorCoreTeam201602 removed

comment:14 Changed 3 years ago by nickm

Milestone: Tor: 0.2.6.x-final → Tor: 0.2.7.x-final
Parent ID: #17027
Resolution: fixed
Status: needs_review → closed

Not backportable. Marking as closed-in-0.2.7