diff options
| author | Nick Mathewson <nickm@torproject.org> | 2007-08-02 21:03:40 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2007-08-02 21:03:40 +0000 |
| commit | 1c513979fc578a6fe434e6bf459ab5643f82bd77 (patch) | |
| tree | 8bef6a03559a507dfd0977c79040222d88522fe2 | |
| parent | ba28346f2f0f4c01fedb3d0039d2265af5b3ce1b (diff) | |
| download | tor-1c513979fc578a6fe434e6bf459ab5643f82bd77.tar.gz tor-1c513979fc578a6fe434e6bf459ab5643f82bd77.zip | |
r13919@Kushana: nickm | 2007-08-02 10:58:31 -0700
Warn about unsafe ControlPort configurations.
svn:r11038
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | src/or/config.c | 31 |
2 files changed, 34 insertions, 0 deletions
@@ -2,6 +2,9 @@ Changes in version 0.2.0.5-alpha - 2007-??-?? o Major bugfixes (compilation): - Try to fix win32 compilation again: Improve checking for ipv6 types. + o Minor featuers (security): + - Warn about unsafe ControlPort configurations. + Changes in version 0.2.0.4-alpha - 2007-08-01 o Major security fixes: diff --git a/src/or/config.c b/src/or/config.c index e1af878de7..732bb0d784 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2884,6 +2884,37 @@ options_validate(or_options_t *old_options, or_options_t *options, if (options->HashedControlPassword && options->CookieAuthentication) REJECT("Cannot set both HashedControlPassword and CookieAuthentication"); + if (options->ControlListenAddress) { + int all_are_local = 1; + config_line_t *ln; + for (ln = options->ControlListenAddress; ln; ln = ln->next) { + if (strcmpstart(ln->value, "127.")) + all_are_local = 0; + } + if (!all_are_local) { + if (!options->HashedControlPassword && !options->CookieAuthentication) { + log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept " + "connections from a non-local address. This means that " + "any program on the internet can reconfigure your Tor. " + "That's so bad that I'm closing your ControlPort for you."); + options->ControlPort = 0; + } else { + log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept " + "connections from a non-local address. This means that " + "programs not running on your computer can reconfigure your " + "Tor. That's pretty bad!"); + } + } + } + + if (options->ControlPort && !options->HashedControlPassword && + !options->CookieAuthentication) { + log_warn(LD_CONFIG, "ControlPort is open, but no authentication method " + "has been configured. This means that any program on your " + "computer can reconfigure your Tor. That's bad! You should " + "upgrade your Tor controller as soon as possible."); + } + if (options->UseEntryGuards && ! options->NumEntryGuards) REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0"); |