Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#6138 closed enhancement (not a bug)

Refine AllowDotExit option

Reported by: mr-4 Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords: tor-client
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


This is not a bug (or may be, depending on the way you look at it), but merely a suggestion to improve security.

As far as I know, "AllowDotExit 1" allows .exit addresses indiscriminately, without any restrictions.

This, in my view, isn't very wise as I could access web pages with web bugs in them, redirecting/forcing my browser to access .exit addresses without my knowledge.

This, at best, would reveal that I am using tor, and at worse could redirect my browser to places I don't want to go!

Would it be possible to have an option for AllowDotExit to restrict access *only* to MapAddress(es) defined in torrc and nothing else?


Child Tickets

Change History (4)

comment:1 Changed 7 years ago by mr-4

Resolution: not a bug
Status: newclosed

Please ignore the above - I don't know what I was thinking when submitted it...Once again, apologies for the noise!

comment:2 Changed 7 years ago by nickm

The intended behavior of AllowDotExit 0 is that .exit should still work with MapAddress. Note that the behavior is only documented to affect addresses from the client, not addresses from the controller or the configuration:

    If enabled, we convert "" addresses on the
    SocksPort/TransPort/NATDPort into "" addresses that exit from
    the node "foo". Disabled by default since attacking websites and exit
    relays can use it to manipulate your path selection. (Default: 0)

But there is a bug (#3940) that stops MapAddress from working right here. It has a fix under review that could use some testing.

comment:3 Changed 7 years ago by nickm

Keywords: tor-client added

comment:4 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.