author | Nick Mathewson <nickm@torproject.org> | 2012-08-27 11:16:44 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-08-27 11:19:29 -0400 |
commit | b7c172c9ec762363562220a354feefc521970d7c (patch) | |
tree | d4262db650b35abda2600b0fa284a7133882861f /doc/tor.1.txt | |
parent | ce4add498f6af197a0e856d262825d547f898305 (diff) | |

Disable extending to private/internal addresses by default

This is important, since otherwise an attacker can use timing info
to probe the internal network.

Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.

Fix for bug 6710; bugfix on all released versions of Tor.

Diffstat (limited to 'doc/tor.1.txt')
-rw-r--r-- | doc/tor.1.txt | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index e7ba8485c0..7e0751b2b2 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1470,6 +1470,11 @@ is non-zero): its extra-info documents that it uploads to the directory authorities. (Default: 1) +**ExtendAllowPrivateAddresses** **0**|**1**:: + When this option is enabled, Tor routers allow EXTEND request to + localhost, RFC1918 addresses, and so on. This can create security issues; + you should probably leave it off. (Default: 0) + DIRECTORY SERVER OPTIONS ------------------------ @@ -1795,6 +1800,7 @@ The following options are used for running a testing Tor network. ClientRejectInternalAddresses 0 CountPrivateBandwidth 1 ExitPolicyRejectPrivate 0 + ExtendAllowPrivateAddresses 1 V3AuthVotingInterval 5 minutes V3AuthVoteDelay 20 seconds V3AuthDistDelay 20 seconds |
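
Review bot: In the new ExtendAllowPrivateAddresses entry (first hunk), "This can create security issues" does not tell an operator what the risk is. The commit message already states it (an attacker can use timing info to probe the internal network), so the man page text should say that directly instead of leaving it implied. In the same entry, "allow EXTEND request to" should read "allow EXTEND requests to", and "localhost, RFC1918 addresses, and so on" leaves the covered ranges open-ended; listing the ranges the check covers would let a reader verify what is blocked when the option is 0.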
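
Review bot: The "ExtendAllowPrivateAddresses 1" line added to the TestingTorNetwork defaults list (second hunk) has no counterpart in the option's own entry, which only says "(Default: 0)" and "you should probably leave it off". Someone reading that entry will not learn that TestingTorNetwork turns the option on; a short cross-reference there, noting that TestingTorNetwork sets it to 1 and that this is the intended use, would keep the two sections consistent and discourage enabling it on a public relay.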