Opened 4 years ago

Closed 4 years ago

#18208 closed defect (fixed)

Refresh Exit policy when interface addresses change

Reported by: teor
Owned by: teor
Priority: Medium
Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: TorCoreTeam201602, 027-backport, security
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Since 0.2.7.3, we've incorporated Exit relays' interface addresses in reject lines in their Exit policies.

But we haven't been refreshing those exit policies when interface addresses change.

Change History (2)

comment:1 Changed 4 years ago by teor

Keywords: security added
Status: new → needs_review

Please see my branch bug18208, based on master.

It's going to be non-trivial to backport this to 0.2.7, due to the scheduled tasks refactor.
I'm not sure if it's important enough to do it, because this issue only applies to:

  • exit relays,
  • that have non-private address changes on interfaces,
  • that have insecure services running that trust connections from localhost.

comment:2 Changed 4 years ago by nickm

Resolution: fixed
Status: needs_review → closed

Merged! And IMO 028 is fine.
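
An added illustration of the condition this ticket describes (not code from Tor or from the bug18208 branch): given the exit policy a relay built earlier and the addresses currently on its interfaces, list the addresses that the old reject lines no longer cover. The function names are hypothetical, the addresses are constructed from documentation ranges, and the parser assumes only a simplified subset of policy syntax (`accept`/`reject`, an address, CIDR or `*`, then a port field).

```python
import ipaddress

def parse_rule(line):
    """Split e.g. 'reject 203.0.113.10:*' into (action, network or None, ports)."""
    action, pattern = line.split()
    addr, _, ports = pattern.rpartition(":")
    addr = addr.strip("[]")  # IPv6 patterns are written in brackets
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    return action, net, ports

def exposes(policy, ip):
    """True if some port on ip may be accepted, using first-match-wins ordering."""
    ip = ipaddress.ip_address(ip)
    for action, net, ports in map(parse_rule, policy):
        if net is not None and ip not in net:
            continue  # rule does not apply to this address
        if action == "reject" and ports == "*":
            return False  # fully rejected before any accept rule applies
        if action == "accept":
            return True   # an accept rule is reached first for at least one port
    return True  # no rule matched: flag conservatively (assumption of this example)

def stale_addresses(policy, interface_addrs):
    """Interface addresses that the given policy does not fully reject."""
    return [a for a in interface_addrs if exposes(policy, a)]

# Constructed sample: policy generated while the interfaces held two addresses.
OLD_POLICY = [
    "reject 203.0.113.10:*",
    "reject [2001:db8::10]:*",
    "accept *:80",
    "accept *:443",
    "reject *:*",
]
# Constructed sample: a new address has since appeared on an interface.
CURRENT_ADDRS = ["203.0.113.10", "198.51.100.25", "2001:db8::10"]

# Refreshed policy: reject lines regenerated from the current addresses.
REFRESHED_POLICY = ["reject 198.51.100.25:*"] + OLD_POLICY

if __name__ == "__main__":
    print("not covered by old policy:", stale_addresses(OLD_POLICY, CURRENT_ADDRS))
    print("not covered after refresh:", stale_addresses(REFRESHED_POLICY, CURRENT_ADDRS))
```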