From b7c172c9ec762363562220a354feefc521970d7c Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 27 Aug 2012 11:16:44 -0400
Subject: Disable extending to private/internal addresses by default

This is important, since otherwise an attacker can use timing info
to probe the internal network.

Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.

Fix for bug 6710; bugfix on all released versions of Tor.
---
 doc/tor.1.txt | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'doc/tor.1.txt')

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index e7ba8485c0..7e0751b2b2 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1470,6 +1470,11 @@ is non-zero):
     its extra-info documents that it uploads to the directory authorities.
     (Default: 1)
 
+**ExtendAllowPrivateAddresses** **0**|**1**::
+    When this option is enabled, Tor routers allow EXTEND request to
+    localhost, RFC1918 addresses, and so on. This can create security issues;
+    you should probably leave it off. (Default: 0)
+
 DIRECTORY SERVER OPTIONS
 ------------------------
 
@@ -1795,6 +1800,7 @@ The following options are used for running a testing Tor network.
        ClientRejectInternalAddresses 0
        CountPrivateBandwidth 1
        ExitPolicyRejectPrivate 0
+       ExtendAllowPrivateAddresses 1
        V3AuthVotingInterval 5 minutes
        V3AuthVoteDelay 20 seconds
        V3AuthDistDelay 20 seconds
-- 
cgit v1.2.3-54-g00ecf