author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2015-09-15 18:34:18 +1000 |
---|---|---|
committer | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2015-09-16 02:56:50 +1000 |
commit | 098b82c7b2a6bb711e3616eb5b7e7e5e7401f01d (patch) | |
tree | bc40d90c97de2a09a6c1e277ea3c5f2c455f8787 /changes | |
parent | 31eb486c4624d1437d982ffdfc1f9d7d83c5ffd6 (diff) | |

ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses

ExitPolicyRejectPrivate now rejects more local addresses by default:

* the relay's published IPv6 address (if any), and
* any publicly routable IPv4 or IPv6 addresses on any local interfaces.

This resolves a security issue for IPv6 Exits and multihomed Exits that
trust connections originating from localhost.

Resolves ticket 17027. Patch by "teor".
Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha.

Diffstat (limited to 'changes')
-rw-r--r-- | changes/bug17027-reject-private-all-interfaces | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/changes/bug17027-reject-private-all-interfaces b/changes/bug17027-reject-private-all-interfaces index 2801642f8a..755cd5c9f2 100644 --- a/changes/bug17027-reject-private-all-interfaces +++ b/changes/bug17027-reject-private-all-interfaces @@ -1,5 +1,6 @@ o Minor bug fixes (security, exit policies): - - Add get_interface_address[6]_list by refactoring - get_interface_address6. Add unit tests for new and existing functions. - Preparation for ticket 17027. Patch by "teor". + - ExitPolicyRejectPrivate rejects more private addresses by default: + * the relay's published IPv6 address (if any), and + * any publicly routable IPv4 or IPv6 addresses on any local interfaces. + Resolves ticket 17027. Patch by "teor". Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha. |
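
Review bot: The new entry's lead line says "rejects more private addresses", but its second bullet lists "any publicly routable IPv4 or IPv6 addresses on any local interfaces", which are not private addresses. The commit message's wording, "rejects more local addresses", avoids the contradiction and should be used in the changes file too. The entry also omits the reason an exit operator would care, which the commit message does state ("This resolves a security issue for IPv6 Exits and multihomed Exits that trust connections originating from localhost"); adding that sentence after the bullets would explain why the default changed. The removed lines described the get_interface_address[6]_list refactor and its unit tests, so if that work should remain in the changelog it needs its own entry rather than being overwritten here.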