[Pkg-anonymity-tools] Bug#775792: torsocks: please add whitelisting for local ports

Jérémy Bobbio lunar at debian.org
Tue Jan 20 09:06:07 UTC 2015


Control: severity -1 wishlist
Control: retitle -1 torsocks: please add whitelisting for local ports
Control: tags -1 + upstream

treaki:
> I tried to use torsocks on ssh with X forward enabled (-X) but I
> failed for an unknown reason.

The reason is explained in the error message:

> treaki at hostname:~$ xterm
> [Jan 20 00:32:24] WARNING torsocks[31250]: [connect] Connection to a
> local address are denied since it might be a TCP DNS query to a local
> DNS server. Rejecting it for safety reasons. (in tsocks_connect() at
> connect.c:177)

torsocks tries to prevent an application from making DNS queries without
going through Tor, and so rejects the connection to localhost. This is
good.

For the specific case of SSH forwarding to work, torsocks is missing a
way to specify a list of ports that can be declared safe by users (as in
“I know this port cannot be used to deanonymize me”). The syntax could
be something like:

    AllowLocalhostConnectionsToPorts 6010 6011

For your specific example of xterm, you can always call torsocks in the
newly created shell instead of having torsocks wrap xterm.

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
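
The following sketch is an added example, not part of the original message and not torsocks code: it shows how a connect-time check could honour the proposed `AllowLocalhostConnectionsToPorts` line while still rejecting every other loopback destination, and how a malformed line fails closed. The directive name comes from the proposal above; the function names, the `MAX_PORTS` limit and the IPv4-only scope are assumptions made for illustration.

```c
/* Added sketch, not torsocks source; function names are hypothetical. IPv4 only. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#define MAX_PORTS 16
static const char DIRECTIVE[] = "AllowLocalhostConnectionsToPorts"; /* proposed name */
struct port_allowlist { in_port_t ports[MAX_PORTS]; size_t count; };
enum verdict { VIA_TOR, ALLOW_DIRECT, DENY };
/* Parse one config line; any malformed token empties the list (fail closed). */
int parse_allowlist(const char *line, struct port_allowlist *al)
{
    const size_t n = sizeof DIRECTIVE - 1;
    al->count = 0;
    if (strncmp(line, DIRECTIVE, n) != 0) return -1;
    for (const char *p = line + n; *p != '\0' && *p != '\n'; ) {
        char *end;
        if (*p != ' ' && *p != '\t') goto fail;   /* tokens are space-separated */
        while (*p == ' ' || *p == '\t') p++;
        if (*p == '\0' || *p == '\n') break;
        if (*p < '0' || *p > '9') goto fail;      /* no signs, no service names */
        long v = strtol(p, &end, 10);
        if (v < 1 || v > 65535 || al->count == MAX_PORTS) goto fail;
        al->ports[al->count++] = (in_port_t)v;
        p = end;
    }
    if (al->count > 0) return 0;
fail:
    al->count = 0;
    return -1;
}

/* Decide what an intercepted connect() should do with this destination. */
enum verdict check_connect(const struct sockaddr_in *sa, const struct port_allowlist *al)
{
    if ((ntohl(sa->sin_addr.s_addr) >> 24) != 127) return VIA_TOR; /* not 127.0.0.0/8 */
    for (size_t i = 0; i < al->count; i++)
        if (al->ports[i] == ntohs(sa->sin_port)) return ALLOW_DIRECT;
    return DENY;   /* loopback port not declared safe, e.g. TCP DNS on 53 */
}

/* Convenience wrapper: verdict for ip:port under one config line. */
enum verdict verdict_for(const char *cfg, const char *ip, unsigned port)
{
    struct port_allowlist al;
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons((unsigned short)port) };
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return DENY;
    parse_allowlist(cfg, &al);   /* on error the list stays empty */
    return check_connect(&sa, &al);
}
```

With the line `AllowLocalhostConnectionsToPorts 6010 6011`, a connection to 127.0.0.1:6010 (the X11 forwarding port from the report) is let through, while 127.0.0.1:53 is still refused.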