Opened 7 years ago

Closed 7 years ago

#7836 closed defect (fixed)

Incorrect "non-loopback address" warnings

Reported by: fk Owned by: nickm
Priority: Very Low Milestone: Tor: 0.2.4.x-final
Component: Core Tor/Tor Version: Tor: 0.2.4.7-alpha
Severity: Keywords: tor-relay 023-backport
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When running Tor in a FreeBSD jail with the IP address 10.0.0.2, a torrc that contains these directives:

TransListenAddress 127.0.0.1
SocksListenAddress 10.0.0.2
ControlListenAddress 127.0.0.1

Results in these messages:

Dec 31 11:27:31.879 [notice] Tor v0.2.4.7-alpha (git-e46e1ed1bc50ad24) (with bufferevents) running on FreeBSD with Libevent 2.0.16-stable and OpenSSL 1.0.1c.
Dec 31 11:27:31.880 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 31 11:27:31.880 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Dec 31 11:27:31.880 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Dec 31 11:27:31.893 [notice] You configured a non-loopback address '10.0.0.2:9050' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 31 11:27:31.893 [notice] You configured a non-loopback address '10.0.0.2:9050' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 31 11:27:31.893 [notice] You configured a non-loopback address '10.0.0.2:9050' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
[...]
Dec 31 11:27:31.895 [notice] You configured a non-loopback address '10.0.0.2:9050' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 31 11:27:31.895 [notice] You configured a non-loopback address '10.0.0.2:9050' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 31 11:27:31.895 [notice] You configured a non-loopback address '10.0.0.2:9050' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 31 11:27:31.895 [notice] Opening Socks listener on 10.0.0.2:9050
Dec 31 11:27:31.896 [notice] Opening DNS listener on 127.0.0.1:53
Dec 31 11:27:31.896 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Dec 31 11:27:31.896 [notice] Opening Control listener on 127.0.0.1:9051
Dec 31 11:27:31.896 [notice] Opening Control listener on /var/run/tor/tor-socket

The fact that some messages are shown twice is #4019; this report is about the incorrect warnings for the listeners on 127.0.0.1. It looks like the Socks address 10.0.0.2:9050 is used for all complaints.

With a torrc that contains these directives:

TransListenAddress 127.0.0.1
SocksListenAddress 127.0.0.1
ControlListenAddress 127.0.0.1

No warnings are shown, even though the risk (in the described FreeBSD jail) is equivalent.

Dec 31 12:19:17.414 [notice] Tor v0.2.4.7-alpha (git-e46e1ed1bc50ad24) (with bufferevents) running on FreeBSD with Libevent 2.0.16-stable and OpenSSL 1.0.1c.
Dec 31 12:19:17.415 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 31 12:19:17.415 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Dec 31 12:19:17.415 [notice] Read configuration file "/usr/local/etc/tor/torrc".
[...]
Dec 31 12:19:17.431 [notice] Opening Socks listener on 127.0.0.1:9050
Dec 31 12:19:17.431 [notice] Opening DNS listener on 127.0.0.1:53
Dec 31 12:19:17.431 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Dec 31 12:19:17.431 [notice] Opening Control listener on 127.0.0.1:9051
Dec 31 12:19:17.431 [notice] Opening Control listener on /var/run/tor/tor-socket
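Added illustration (not Tor's code, and not the fix in branch bug7836): a small checker that evaluates each *ListenAddress directive against its own address, so that the first torrc above yields exactly one warning, for SocksPort, instead of reusing the Socks address for every listener. The torrc text and the DNSListenAddress line are constructed for the example; the jail caveat from the description (127.0.0.1 being rebound to the jail's IP) is outside what a plain address check can see.

```python
import ipaddress
import re

# Constructed torrc excerpt mirroring the ticket's first configuration.
TORRC = """
TransListenAddress 127.0.0.1
SocksListenAddress 10.0.0.2
ControlListenAddress 127.0.0.1
DNSListenAddress 127.0.0.1
"""

# Default ports as they appear in the ticket's log output.
DEFAULT_PORTS = {"Socks": 9050, "DNS": 53, "Trans": 9040, "Control": 9051}


def split_host_port(addr, default_port):
    """Split 'host', 'host:port', '[v6]' or '[v6]:port' into (host, port)."""
    if addr.startswith("["):                 # bracketed IPv6, optional port
        host, _, rest = addr[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else ""
    elif addr.count(":") == 1:               # IPv4 with port
        host, _, port = addr.partition(":")
    else:                                    # bare IPv4 or bare IPv6
        host, port = addr, ""
    return host, (int(port) if port else default_port)


def parse_listen_addresses(text):
    """Return {listener name: (host, port)} for every *ListenAddress line."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(\w+)ListenAddress\s+(\S+)$", line)
        if m:
            name, addr = m.groups()
            found[name] = split_host_port(addr, DEFAULT_PORTS.get(name))
    return found


def non_loopback_warnings(listeners):
    """One warning per listener whose OWN address is not loopback."""
    warnings = []
    for name, (host, port) in listeners.items():
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            warnings.append(f"{name}Port: unparseable address {host!r}")
            continue
        if not ip.is_loopback:
            warnings.append(
                f"You configured a non-loopback address '{host}:{port}' for {name}Port.")
    return warnings
```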

Child Tickets

Change History (8)

comment:1 Changed 7 years ago by nickm

Keywords: tor-relay added
Milestone: Tor: unspecified

Is there a good way for the program to detect when these addresses are local and when they aren't?

comment:2 in reply to: 1 Changed 7 years ago by fk

Replying to nickm:

Is there a good way for the program to detect when these addresses are local and when they aren't?

If you mean whether or not the addresses belong to the jail the application is running in then yes.

The application can check the security.jail.jailed sysctl to see if it's running in a jail and if it is, it knows that all visible IP addresses belong to the jail. 127.0.0.1 is special in a jail because binding to it transparently binds the application to the jail's IP address.

Looking at lo1 from outside and inside the jail:

fk@r500 ~ $ifconfig lo1
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 192.168.6.100 netmask 0xffffff00 
	inet 10.0.0.1 netmask 0xff000000 
	inet 10.0.0.2 netmask 0xff000000 
	inet 10.0.0.3 netmask 0xff000000 
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
fk@r500 ~ $sudo jexec 1 sh -c "hostname; ifconfig lo1"
tor-jail
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 10.0.0.2 netmask 0xff000000 
ifconfig: socket(AF_INET6, SOCK_DGRAM): Protocol not supported

Having said that, I'm not sure why Tor should bother with this.

I'd consider this bug fixed if:

TransListenAddress 127.0.0.1
SocksListenAddress 10.0.0.2
ControlListenAddress 127.0.0.1

would only result in a complaint about SocksListenAddress. I haven't looked at Tor's code, but I assume that this doesn't require any jail-specific code. If it does, I could probably provide it, though.

Another fix would be to disable all these address checks after detecting that Tor is running in a jail and either log nothing, or something generic like: "Tor is running in a jail and thus may not be able to reliably warn about potentially dangerous binding addresses".

comment:3 Changed 7 years ago by nickm

Keywords: 023-backport added

Ah; the reporting bug seems to have nothing to actually do with a jail. Also, it occurs in 0.2.3.

comment:4 Changed 7 years ago by nickm

Status: new → needs_review

The branch "bug7836" in my public repository seems like a right fix here. Can anyone review? I've marked it as 023-backport since the bug exists in 0.2.3, but IMO this doesn't cross the threshold of what we backport.

(Also, this is trivial enough that I might just go and merge it)

comment:5 Changed 7 years ago by fk

I'm not really familiar with the code in question, but ee4182612f7 itself looks good to me and works as advertised.

Thanks, Nick.

comment:6 Changed 7 years ago by nickm

Milestone: Tor: unspecified → Tor: 0.2.3.x-final
Owner: set to nickm
Status: needs_review → accepted

Okay. Merged it into master, and noting it for a possible backport into 0.2.3, which I don't currently expect to happen.

comment:7 Changed 7 years ago by arma

I'd vote against backport, since we've survived this long without much ill effect.

comment:8 Changed 7 years ago by nickm

Milestone: Tor: 0.2.3.x-final → Tor: 0.2.4.x-final
Resolution: fixed
Status: accepted → closed

Okay. Not backporting.
