[Whonix-devel] [qubes-devel] Re: Circuit isolating proxy?

Marek Marczykowski-Górecki marmarek at invisiblethingslab.com
Mon Dec 12 00:42:02 CET 2016


On Sun, Dec 11, 2016 at 11:13:00PM +0000, Patrick Schleizer wrote:
> > Possible solution: a piece of software intended to be used on
> > whonix-gw which opens one network interface per circuit,
> It's an interesting idea.
> So the application talks to a virtual network interface directly rather
> than directly to a Tor SocksPort?
> - Then this virtual network interface would eventually talk to a Tor
> SocksPort?
> - Okay, if I got that right, the application couldn't try to exploit a
> bug in Tor's socks implementation. So the tun2socks application would
> have to be more resistant against exploitation than Tor's socks code?

I think it is a *REALLY BAD* idea to add an additional, hand-crafted IP
packet parser (tun2socks). Pretty much the same data will reach tor
socks anyway, but you'll add another attack surface of tun2socks.
The Socks protocol isn't that complex to be worth hiding behind such a
complex thing like tun2socks. Socks is just a request packet ("where to
connect to") followed by an unmodified TCP stream. Tor needs to parse
only that initial request packet.

What is worth guarding is the tor control socket, and it isn't directly
exposed. There is "control-port-filter-python" (or something else in the
new Whonix version?) to filter it. IMO it would be much better if the
control port weren't exposed at all, but unfortunately some applications
do require it.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
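Marek's point that Tor only has to parse the small initial SOCKS request, not the TCP stream that follows it, can be made concrete. The following is an added example (not Tor's code, and not from this thread): a strict parser for a SOCKS5 CONNECT request that inspects only the fixed header, address and port, rejects anything malformed, and hands every later byte back untouched; the function name and the constructed inputs are the example's own.

```python
import ipaddress
import struct

SOCKS_VERSION, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

class SocksError(ValueError):
    """Any malformed or unsupported request: reject it and drop the connection."""

def parse_connect_request(buf: bytes):
    """Parse one SOCKS5 CONNECT request (RFC 1928, section 4).

    Returns (host, port, rest). Only the 4-byte header plus the address
    and port fields are inspected; everything after them is the client's
    TCP stream and is returned untouched. The method negotiation that
    precedes this request is not handled here.
    """
    if len(buf) < 4:
        raise SocksError("request header truncated")
    ver, cmd, rsv, atyp = buf[0], buf[1], buf[2], buf[3]
    if ver != SOCKS_VERSION:
        raise SocksError(f"unsupported SOCKS version {ver}")
    if cmd != CMD_CONNECT:
        raise SocksError(f"unsupported command {cmd}")
    if rsv != 0:
        raise SocksError("reserved byte must be zero")
    pos = 4
    if atyp == ATYP_IPV4:
        addr_len = 4
    elif atyp == ATYP_IPV6:
        addr_len = 16
    elif atyp == ATYP_DOMAIN:
        if len(buf) < 5:
            raise SocksError("domain length byte missing")
        addr_len, pos = buf[4], 5  # length-prefixed, at most 255 bytes
        if addr_len == 0:
            raise SocksError("empty domain name")
    else:
        raise SocksError(f"unknown address type {atyp}")
    end = pos + addr_len + 2  # address bytes, then a 2-byte big-endian port
    if len(buf) < end:
        raise SocksError("address or port truncated")
    raw = buf[pos:pos + addr_len]
    try:
        host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    except UnicodeDecodeError:
        raise SocksError("non-ASCII domain name") from None
    (port,) = struct.unpack("!H", buf[end - 2:end])
    return host, port, buf[end:]
```

The bytes after the request (here a constructed HTTP request line) are never decoded by the proxy, which is the whole of the parsing surface Marek describes.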