Opened 9 years ago

Closed 9 years ago

#2151 closed defect (not a bug)

Security Hole: FTP and Gopher

Reported by: johndoe32102002
Owned by: mikeperry
Priority: Medium
Component: Applications/Torbutton
Version: Torbutton: 1.2.5
Cc: johndoe32102002

Description

In TorButton's Preferences, the programmer left out FTP and Gopher settings. This is a security hole because a malicious webserver/user can post a gopher or ftp link on a website or onion site visited through TOR and expose the user's external IP address.

Patch: A patch must be released that updates FTP and Gopher with a null proxy, such as 127.0.0.1:1 (and have the TorButton ensure no service is running on the null port).

Attachments (1)

Torbutton-Preferences.png (36.2 KB) - added by johndoe32102002 9 years ago.
TorButton's Preferences Incorrectly Set

Change History (5)

Changed 9 years ago by johndoe32102002

Attachment: Torbutton-Preferences.png added

comment:1 Changed 9 years ago by arma

Priority: critical → normal

Unset proxies (like ftp and gopher in our case) use the socks proxy. So there is no problem here, I believe.

Also, there are other protocols that Firefox handles that don't have a line in the proxy settings window that you ought to be worrying about too. Fortunately, they also use the socks proxy if it's set.
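As an added example (not from the ticket or from Torbutton's own code), the following Python script applies the rule arma describes to a Firefox user.js: under manual proxy configuration, a scheme with no dedicated proxy entry is still covered as long as a SOCKS proxy is set, so the things worth checking are that SOCKS is actually configured, that remote DNS is on, and that the bypass list is empty. The sample prefs are constructed for the example, and the gopher prefs are assumed to follow the same host/port naming as the other schemes.

```python
import re

# Constructed sample of a Firefox user.js in the Torbutton-era layout;
# the values are made up for this example, not taken from the ticket.
SAMPLE_USER_JS = """
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.no_proxies_on", "");
"""

PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')

# Schemes that get their own proxy line when set; without one they fall
# back to SOCKS (gopher pref naming is an assumption, see lead-in).
SCHEMES = ("http", "ssl", "ftp", "gopher")


def parse_user_js(text):
    """Return {pref_name: value}, converting JS literals to Python values."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if raw.startswith('"'):
            prefs[name] = raw.strip('"')
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw)
    return prefs


def audit_proxy_prefs(prefs):
    """Return a list of findings; an empty list means every scheme is covered."""
    findings = []
    if prefs.get("network.proxy.type") != 1:
        return ["proxy type is not manual (1): scheme-level proxies are ignored"]
    socks_ok = bool(prefs.get("network.proxy.socks")) and prefs.get("network.proxy.socks_port", 0) > 0
    if not socks_ok:
        findings.append("no SOCKS proxy configured: schemes without their own proxy go direct")
    for scheme in SCHEMES:
        has_own = bool(prefs.get(f"network.proxy.{scheme}")) and prefs.get(f"network.proxy.{scheme}_port", 0) > 0
        if not has_own and not socks_ok:  # neither a dedicated proxy nor the SOCKS fallback
            findings.append(f"{scheme}: no dedicated proxy and no SOCKS fallback")
    if socks_ok and not prefs.get("network.proxy.socks_remote_dns", False):
        findings.append("socks_remote_dns is false: DNS lookups would bypass the proxy")
    if prefs.get("network.proxy.no_proxies_on"):
        findings.append("no_proxies_on is non-empty: listed hosts bypass every proxy")
    return findings
```

With the SOCKS host blanked out, the audit reports ftp and gopher as unproxied, which is the only way the ticket's scenario can arise.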

comment:2 Changed 9 years ago by johndoe32102002

Fortunately, those two protocols will go through the socks proxy if it's set. The Gopher issue will be resolved in Firefox 4 with the disappearance of Gopher, but the FTP should be set. Can Privoxy/Polipo handle FTP? It would be safer if it went through one of those first.

comment:3 in reply to: 2 Changed 9 years ago by arma

Replying to johndoe32102002:

Can Privoxy/Polipo handle FTP? It would be safer if it went through one of those first.

They can't handle ftp, and in any case it wouldn't be any safer to send the traffic through them. We only use an http proxy because of various bugs in Firefox's socks support. Any safety mechanisms should be done inside Torbutton, not in the http proxy.

comment:4 Changed 9 years ago by arma

Resolution: not a bug
Status: new → closed