Opened 4 years ago

Last modified 2 years ago

#17953 new defect

Fallback to resolving localhost when interface searches fail

Reported by: teor
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-client address-detection localhost
Cc:
Actual Points:
Parent ID:
Points: 3
Reviewer:
Sponsor:

Description

As described in #17949 & #17901, tor needs to know the loopback address.

We can fall back to resolving localhost on systems that don't return any loopback addresses when their interfaces are enumerated.

We need to check that the returned values are standard 127/8 or [::1]. This allows tor to work on non-127.0.0.1 loopback IPv4 systems, and IPv6-only systems, without the security issues inherent in trusting a possibly non-local resolver.

Change History (11)

comment:1 Changed 4 years ago by teor

Keywords: 026-backport 027-backport security added

Marked for backport as a dependency of #17901.

comment:2 Changed 4 years ago by teor

Parent ID: #17991

comment:3 Changed 4 years ago by teor

Keywords: 026-backport 027-backport security removed
Parent ID: #17991

I don't think this is a dependency of #17901 any more - their implementation transparently redirects connections to 127.0.0.1 to the non-loopback, potentially public, jail IP address.

Finding loopback addresses doesn't help with that if there are none.

However, if the jail has a non-127.0.0.1 loopback address that's still in 127/8, #17991 would help with that.

comment:4 Changed 4 years ago by teor

Milestone: Tor: 0.2.8.x-final → Tor: 0.2.9.x-final

comment:5 Changed 3 years ago by nickm

Points: 3

comment:6 Changed 3 years ago by teor

Milestone: Tor: 0.2.9.x-final → Tor: 0.2.???
Owner: teor deleted
Status: new → assigned

I don't have time to do this in 0.2.9.

comment:7 Changed 3 years ago by teor

Milestone: Tor: 0.2.??? → Tor: 0.3.???

Milestone renamed

comment:8 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.??? → Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:9 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:10 Changed 2 years ago by nickm

Status: assigned → new

Change the status of all assigned/accepted Tor tickets with owner="" to "new".

comment:11 Changed 2 years ago by nickm

Keywords: tor-client address-detection localhost added