Opened 8 months ago

Last modified 2 weeks ago

#22068 accepted defect

Make it explicit that Torsocks won't work correctly in certain scenarios in the README

Reported by: Franciscouzo Owned by: dgoulet
Priority: Medium Milestone:
Component: Core Tor/Torsocks Version:
Severity: Normal Keywords: easy, doc
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

As far as I understand, Torsocks works by setting LD_PRELOAD, so an application that doesn't uses libc, and instead uses syscalls directly will be able to bypass torsocks and connect directly to the Internet.

I think a warning about it on the README file, and MAN page is needed, besides making it explicit that using Torsocks is not 100% safe as the README might make you think, for example:

Torsocks allows you to use most applications in a safe way with Tor. It ensures that DNS requests are handled safely and explicitly rejects any traffic other than TCP from the application you're using.
Torsocks is an ELF shared library that is loaded before all others. The library overrides every needed Internet communication libc function calls such as connect(2) or gethostbyname(3).
This process is transparent to the user and if torsocks detects any communication that can't go through the Tor network such as UDP traffic, for instance, the connection is denied. If, for any reason, there is no way for torsocks to provide the Tor anonymity guarantee to your application, torsocks will force the application to quit and stop everything.

Child Tickets

Change History (2)

comment:1 Changed 8 months ago by dgoulet

Keywords: easy doc added
Status: newaccepted

Indeed! I'm very happy to take a patch or a suggestion of text here :). Else, I'll try to come up with something next release!

Thanks!

comment:2 Changed 2 weeks ago by cypherpunks

for any reason, there is no way for torsocks to provide the Tor anonymity guarantee to your application, torsocks will force the application to quit and stop everything.

But torsocks does not do this. If there is no way to guarantee the traffic is torified, torsocks silently lets the traffic through (e.g. raw assembly being used to call syscalls).

Note: See TracTickets for help on using tickets.