r13919@Kushana: nickm | 2007-08-02 10:58:31 -0700

Warn about unsafe ControlPort configurations. svn:r11038
2007-08-02 21:03:40 +00:00 · 2007-08-02 21:03:40 +00:00 · 1c513979fc
parent ba28346f2f
commit 1c513979fc
2 changed files with 34 additions and 0 deletions
--- a/3
+++ b/3
@ -2,6 +2,9 @@ Changes in version 0.2.0.5-alpha - 2007-??-??
  o Major bugfixes (compilation):
    - Try to fix win32 compilation again: Improve checking for ipv6 types.

+  o Minor featuers (security):
+    - Warn about unsafe ControlPort configurations.
+

 Changes in version 0.2.0.4-alpha - 2007-08-01
  o Major security fixes:
--- a/src/or/config.c
+++ b/src/or/config.c
@ -2884,6 +2884,37 @@ options_validate(or_options_t *old_options, or_options_t *options,
  if (options->HashedControlPassword && options->CookieAuthentication)
    REJECT("Cannot set both HashedControlPassword and CookieAuthentication");

+  if (options->ControlListenAddress) {
+    int all_are_local = 1;
+    config_line_t *ln;
+    for (ln = options->ControlListenAddress; ln; ln = ln->next) {
+      if (strcmpstart(ln->value, "127."))
+        all_are_local = 0;
+    }
+    if (!all_are_local) {
+      if (!options->HashedControlPassword && !options->CookieAuthentication) {
+        log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
+                 "connections from a non-local address.  This means that "
+                 "any program on the internet can reconfigure your Tor. "
+                 "That's so bad that I'm closing your ControlPort for you.");
+        options->ControlPort = 0;
+      } else {
+        log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
+                 "connections from a non-local address.  This means that "
+                 "programs not running on your computer can reconfigure your "
+                 "Tor.  That's pretty bad!");
+      }
+    }
+  }
+
+  if (options->ControlPort && !options->HashedControlPassword &&
+      !options->CookieAuthentication) {
+    log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
+             "has been configured.  This means that any program on your "
+             "computer can reconfigure your Tor.  That's bad!  You should "
+             "upgrade your Tor controller as soon as possible.");
+  }
+
  if (options->UseEntryGuards && ! options->NumEntryGuards)
    REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0");