author Nick Mathewson <nickm@torproject.org> 2012-03-26 18:51:37 -0400
committer Nick Mathewson <nickm@torproject.org> 2012-03-26 18:51:37 -0400
commit 5a2d0fbe64eda754a87ec35cfbd5d49c91ebc4b2
tree 1a5096affb2660985bee8e5486018fdee35c08c2 /changes
parent f5c59eb28a82b5dbdf9e08955cd6129e8b824c4e
parent 9740f067c4bed47beb63483be4f4636167a04019
Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts: src/or/control.c
Diffstat (limited to 'changes')
-rw-r--r-- changes/safecookie 9
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/safecookie b/changes/safecookie
new file mode 100644
index 0000000000..fd7d7af2b0
--- /dev/null
+++ b/changes/safecookie
@@ -0,0 +1,9 @@
+ o Security Features:
+ - Provide controllers with a safer way to implement the cookie
+ authentication mechanism. With the old method, if another locally
+ running program could convince a controller that it was the Tor
+ process, then that program could trick the contoller into
+ telling it the contents of an arbitrary 32-byte file. The new
+ "SAFECOOKIE" authentication method uses a challenge-response
+ approach to prevent this. Fixes bug 5185, implements proposal 193.
+
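Review bot: "contoller" in the line "process, then that program could trick the contoller into" is a typo for "controller" and will be carried into the release notes as written. The entry also does not say whether the old cookie method remains available alongside "SAFECOOKIE", so a controller author reading it cannot tell whether they have to switch methods to get the protection; one closing sentence stating that would make the entry actionable.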