Opened 11 years ago

Last modified 7 years ago

#894 closed defect (Not a bug)

Tor behaves arrogant (ControlListenAddress)

Reported by: iblue
Owned by: nickm
Priority: Low
Milestone:
Component: Core Tor/Tor
Version: 0.2.0.32
Severity:
Keywords:
Cc: iblue, nickm
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

When I set in torrc:
--
ControlPort 9051
ControlListenAddress 192.168.14.1:9051
--

Tor says:
--
Dec 25 17:57:38.866 [notice] Tor v0.2.0.31 (r16744). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
Dec 25 17:57:38.897 [warn] You have a ControlListenAddress set to accept connections from a non-local address. This means that any program on the internet can reconfigure your Tor. That's so bad that I'm closing your ControlPort for you.
--

That's wrong.

  1. 192.168.* is not the internet.
  2. I am root. Programs do what I want. Even if I decide to open a ControlPort on 0.0.0.0, tor has to follow my command. I am the almighty operator. Period. :-)

You could ask why somebody would set the ControlListenAddress to a local network. The answer is simple: I am running some virtual machines on 192.168.14.*; they only see the host computer as 192.168.14.1 and nothing else. On these machines I want to use trans-proxy-tor, which needs to connect to the control port to work.

I have attached a patch.

Patch:
--- src/or/config.c.orig 2008-12-25 18:18:13.000000000 +0100
+++ src/or/config.c 2008-12-25 18:19:39.000000000 +0100
@@ -3216,8 +3216,7 @@

log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "

"connections from a non-local address. This means that "
"any program on the internet can reconfigure your Tor. "

  • "That's so bad that I'm closing your ControlPort for you.");
  • options->ControlPort = 0;

+ "That's pretty bad.");

} else {

log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "

"connections from a non-local address. This means that "
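Review bot: dropping `options->ControlPort = 0;` leaves the control port open on a non-local ControlListenAddress in every case the warning fires, including the case where no HashedControlPassword is configured, so the log line becomes the only protection; consider keeping the port closure for the unauthenticated case and downgrading to a warning only when a password is set. The new message "That's pretty bad." also removes any hint of what the operator should do instead; suggest naming the safe alternatives (a HashedControlPassword, or forwarding from a local address) in the log text, since the operator who trips this check is exactly the one who needs them.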

[Automatically added by flyspray2trac: Operating System: Other Linux]
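The distinction the reporter draws (loopback vs. a private LAN vs. "the internet") and the condition Tor actually tests (non-loopback address, no authentication configured) can be checked against a torrc before Tor is started. The following script is an added example written for this ticket, not Tor's own code; the torrc parser is deliberately minimal, `CookieAuthentication` is a real Tor option that the ticket does not mention, and the `ControlListenAddress` forms handled are the IPv4 ones shown in the ticket.

```python
import ipaddress


def parse_torrc(text):
    """Minimal torrc reader: 'Key value' per line, '#' comments, repeated keys kept in order."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        opts.setdefault(key, []).append(value)
    return opts


def listen_host(value):
    """Strip an optional ':port' from a ControlListenAddress value (IPv4 forms only)."""
    host, sep, port = value.rpartition(":")
    return host if sep and port.isdigit() else value


def audit_control_port(torrc_text):
    """Return (host, scope, authenticated) for every ControlListenAddress that is not loopback.

    scope is 'private' (RFC 1918 and similar), 'public', or 'all interfaces' (0.0.0.0).
    authenticated is False when the port would accept AUTHENTICATE with nothing behind it;
    that is the combination the Tor version in this ticket refuses to run with.
    """
    opts = parse_torrc(torrc_text)
    if opts.get("ControlPort", ["0"])[-1] == "0":
        return []  # no control port at all, nothing to expose
    # Any non-empty HashedControlPassword counts, as nickm's comment explains.
    authenticated = bool(opts.get("HashedControlPassword")) or \
        opts.get("CookieAuthentication", ["0"])[-1] == "1"
    findings = []
    for value in opts.get("ControlListenAddress", ["127.0.0.1"]):
        host = listen_host(value)
        addr = ipaddress.ip_address(host)  # raises ValueError on junk, which is itself a finding
        if addr.is_loopback:
            continue  # the only case stock Tor accepts without complaint
        if addr.is_unspecified:
            scope = "all interfaces"
        elif addr.is_private:
            scope = "private"
        else:
            scope = "public"
        findings.append((host, scope, authenticated))
    return findings


if __name__ == "__main__":
    # Constructed sample: the reporter's torrc, then the same with a password set.
    reported = "ControlPort 9051\nControlListenAddress 192.168.14.1:9051\n"
    print(audit_control_port(reported))
    print(audit_control_port(reported + "HashedControlPassword 16:PLACEHOLDER\n"))
```

Run it over a torrc and every tuple ending in `False` is a control port that the shipped check would close; a tuple ending in `True` is what the HashedControlPassword workaround in the next comment turns the reporter's configuration into.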

Child Tickets

Change History (4)

comment:1 Changed 11 years ago by nickm

I've changed the log message to give more helpful suggestions about why exactly it is doing this, and what people
can do instead in order to get secure remote access to the control port.

I haven't removed the "options->ControlPort=0;" line. It saves lots of less-knowledgeable users from shooting
themselves in the foot. More knowledgeable users can remove the check (as you've done), or use iptables (or
your local equivalent) to forward incoming connections.

Alternatively, you could use HashedControlPassword to set your password to the hashed value of "".
If there is any password at all, then Tor will cheerfully let you bind your control port to 192.168.*,
or 0.0.0.0, or whatever. Example:

% tor --quiet --hash-password ""
16:58E1D0B5E9E4ACD060C8CB742260C6F7BB8D7EF806C50F1DEB00783EDB
% tor --hashedcontrolpassword 16:58E1D0B5E9E4ACD060C8CB742260C6F7BB8D7EF806C50F1DEB00783EDB \
    --controllistenaddress 192.168.0.0/16 --controlport 9100

[...]

% telnet 0.0.0.0 9100
Trying 0.0.0.0...
Connected to 0.0.0.0.
Escape character is '^]'.
AUTHENTICATE
250 OK
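What the `16:` string above encodes, and what Tor does with it when a client sends AUTHENTICATE, follows from the documented scheme: RFC 2440 iterated-and-salted string-to-key with SHA-1, serialised as an 8-byte salt, a one-byte iteration indicator (0x60) and the 20-byte digest. The script below is an added example, not Tor's or stem's code; it reproduces that scheme so that a hash can be generated and checked offline, and parses the exact string from the comment above. Whether the empty-password digest it computes matches the one Tor printed is something to confirm by running it; the point it makes either way is that a hash of "" satisfies the configuration check while authenticating nothing.

```python
import hashlib
import hmac
import os

EXPBIAS = 6  # exponent bias for the iteration count (RFC 2440, same constant in Tor)
TICKET_HASH = "16:58E1D0B5E9E4ACD060C8CB742260C6F7BB8D7EF806C50F1DEB00783EDB"  # from the comment above


def s2k_count(indicator):
    """Total bytes fed to SHA-1, decoded from the one-byte count indicator (0x60 -> 65536)."""
    return (16 + (indicator & 15)) << ((indicator >> 4) + EXPBIAS)


def s2k_digest(password, salt, indicator=0x60):
    """Iterated salted S2K: hash (salt || password) repeated until `count` bytes are consumed."""
    count = s2k_count(indicator)
    block = salt + password
    h = hashlib.sha1()
    while count > 0:
        n = min(count, len(block))
        h.update(block[:n])
        count -= n
    return h.digest()


def hash_control_password(password, salt=None, indicator=0x60):
    """Build a '16:' string in the layout tor --hash-password prints: salt(8) || indicator(1) || SHA-1(20), hex."""
    salt = os.urandom(8) if salt is None else salt
    if len(salt) != 8:
        raise ValueError("salt must be exactly 8 bytes")
    return "16:" + (salt + bytes([indicator]) + s2k_digest(password, salt, indicator)).hex().upper()


def parse_hashed_password(spec):
    """Split a '16:' string into (salt, indicator, digest); reject anything of the wrong shape."""
    if not spec.startswith("16:") or len(spec) != 3 + 2 * (8 + 1 + 20):
        raise ValueError("not a Tor '16:' hashed control password")
    raw = bytes.fromhex(spec[3:])
    return raw[:8], raw[8], raw[9:]


def check_control_password(spec, candidate):
    """The controller-side check in miniature: recompute with the stored salt and compare in constant time."""
    salt, indicator, digest = parse_hashed_password(spec)
    return hmac.compare_digest(s2k_digest(candidate, salt, indicator), digest)


if __name__ == "__main__":
    salt, indicator, _ = parse_hashed_password(TICKET_HASH)
    print("salt", salt.hex(), "indicator", hex(indicator), "bytes hashed", s2k_count(indicator))
    print("empty password accepted by ticket hash:", check_control_password(TICKET_HASH, b""))
    # Constructed sample with a real passphrase, to contrast with the empty one.
    mine = hash_control_password(b"correct horse")
    print(mine, check_control_password(mine, b"correct horse"), check_control_password(mine, b""))
```

The two things worth noticing from the output are that the work factor is fixed by the indicator byte (65536 bytes through SHA-1, cheap by today's standards), and that the salt is the only thing distinguishing two hashes of the same password, so a `16:` hash of "" is a valid configuration value that any client can satisfy by sending `AUTHENTICATE` with an empty password. If the goal is a control port reachable from the 192.168.14.* guests, a non-empty password is the part that does the work.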

comment:2 Changed 11 years ago by nickm

Closing as Not a bug.

comment:3 Changed 11 years ago by nickm

flyspray2trac: bug closed.

comment:4 Changed 7 years ago by nickm

Component: Tor Relay → Tor