Opened 5 weeks ago

Last modified 9 days ago

#32756 new defect

SocksPolicy has no way to refer to AF_UNIX sockets

Reported by: arma
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords:
Cc: ageisp0lis, neel
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


Imagine you set your torrc to say

SOCKSPort PreferSOCKSNoAuth IsolateSOCKSAuth KeepAliveIsolateSOCKSAuth IsolateClientAddr IPv6Traffic CacheDNS CacheIPv4DNS UseIPv4Cache UseDNSCache
+SOCKSPort unix:/run/tor/socks GroupWritable WorldWritable RelaxDirModeCheck CacheDNS CacheIPv4DNS UseIPv4Cache UseDNSCache
SOCKSPolicy accept
SOCKSPolicy accept
SOCKSPolicy accept
SOCKSPolicy accept
SOCKSPolicy accept
SOCKSPolicy accept
SOCKSPolicy reject *

and then you try to make a connection to your local socks socket. You'll get

[notice] {APP} Denying socks connection from untrusted address AF_UNIX.

I think that happens because of the final "reject *" item in the sockspolicy.

How should this person write "and I want to allow connections to the socks socket too" in their sockspolicy?

A workaround in the meantime was to write "SocksPolicy reject *4" at the end rather than *. But it seems like being able to explicitly refer to AF_UNIX would be a good feature to have. Maybe "SocksPolicy accept unix" is the right syntax?
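
A simplified model of first-match policy evaluation that reproduces the behavior reported above (an added example, not Tor's source and not part of the original ticket). It assumes "*" matches any address family, "*4" matches only IPv4, and a client matched by no rule is accepted; the type and function names and the 127.0.0.0/8 accept rule are hypothetical, constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not Tor's source. FAM_ANY models "*" in a rule. */
typedef enum { FAM_ANY, FAM_IPV4, FAM_IPV6, FAM_UNIX } family_t;

typedef struct {
  int accept;       /* 1 = accept, 0 = reject */
  family_t family;  /* FAM_IPV4 models "*4" or an IPv4 network */
  uint32_t addr;    /* IPv4 network, host byte order (IPv4 rules only) */
  uint32_t mask;    /* 0 models "*4": every IPv4 address */
} rule_t;

typedef struct { family_t family; uint32_t addr; } client_t;

static int rule_matches(const rule_t *r, const client_t *c) {
  if (r->family == FAM_ANY) return 1;      /* "*" matches AF_UNIX too */
  if (r->family != c->family) return 0;    /* "*4" never matches AF_UNIX */
  if (r->family == FAM_IPV4) return (c->addr & r->mask) == (r->addr & r->mask);
  return 1;
}

/* Hypothetical helper: first matching rule wins, no match means accept. */
int model_policy_permits(const rule_t *rules, size_t n, const client_t *c) {
  for (size_t i = 0; i < n; i++)
    if (rule_matches(&rules[i], c)) return rules[i].accept;
  return 1;
}

/* Constructed policies: "accept 127.0.0.0/8" followed by a final reject. */
#define LOOPBACK { 1, FAM_IPV4, 0x7f000000u, 0xff000000u }
static const rule_t policy_reject_star[]  = { LOOPBACK, { 0, FAM_ANY,  0, 0 } };
static const rule_t policy_reject_star4[] = { LOOPBACK, { 0, FAM_IPV4, 0, 0 } };

static const client_t unix_client   = { FAM_UNIX, 0 };
static const client_t local_client  = { FAM_IPV4, 0x7f000001u }; /* 127.0.0.1 */
static const client_t remote_client = { FAM_IPV4, 0xc0000201u }; /* 192.0.2.1 */

int main(void) {
  printf("reject *  unix=%d local=%d remote=%d\n",
         model_policy_permits(policy_reject_star, 2, &unix_client),
         model_policy_permits(policy_reject_star, 2, &local_client),
         model_policy_permits(policy_reject_star, 2, &remote_client));
  printf("reject *4 unix=%d\n",
         model_policy_permits(policy_reject_star4, 2, &unix_client));
  return 0;
}
```

In this model the "*4" policy admits the AF_UNIX client only because no rule matches it, so the default accept applies; there is still no rule that names the socket explicitly.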

Change History (5)

comment:1 Changed 5 weeks ago by arma

Cc: ageisp0lis added; ageis removed

comment:2 Changed 5 weeks ago by dgoulet

Milestone: Tor: unspecified

comment:3 Changed 2 weeks ago by neel

Cc: neel added
Owner: set to neel
Status: new → assigned

comment:4 Changed 9 days ago by neel

Owner: neel deleted

comment:5 Changed 9 days ago by neel

Status: assigned → new