Opened 5 years ago

Closed 5 years ago

#18208 closed defect (fixed)

Refresh Exit policy when interface addresses change

Reported by: teor Owned by: teor
Priority: Medium Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: TorCoreTeam201602, 027-backport, security
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Since, we've incorporated Exit relays' interface addresses in reject lines in their Exit policies.

But we haven't been refreshing those exit policies when interface addresses change.

Child Tickets

Change History (2)

comment:1 Changed 5 years ago by teor

Keywords: security added
Status: newneeds_review

Please see my branch bug18208, based on master.

It's going to be non-trivial to backport this to 0.2.7, due to the scheduled tasks refactor.
I'm not sure if it's important enough to do it, because this issue only applies to:

  • exit relays,
  • that have non-private address changes on interfaces,
  • that have insecure services running that trust connections from localhost.

comment:2 Changed 5 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Merged! And IMO 028 is fine.

Note: See TracTickets for help on using tickets.