diff options
| author | Nick Mathewson <nickm@torproject.org> | 2007-08-27 15:33:58 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2007-08-27 15:33:58 +0000 |
| commit | d3224bad42957bf2e1751c7a1731c8956e003530 (patch) | |
| tree | 02b92176af96af5ce487d47adfffe5d3fefba5f3 /src/or/config.c | |
| parent | 0608ec71fdbd25da4195fd0e40ccd1bec7f3a0a5 (diff) | |
| download | tor-d3224bad42957bf2e1751c7a1731c8956e003530.tar tor-d3224bad42957bf2e1751c7a1731c8956e003530.tar.gz | |
r14227@Kushana: nickm | 2007-08-27 11:33:28 -0400
Add a new ClientDNSRejectInternalAddresses option (default: on) to refuse to believe that any address can map to or from an internal address. This blocks some kinds of potential browser-based attacks, especially on hosts using DNSPort. Also clarify behavior in some comments. Backport candiate?
svn:r11287
Diffstat (limited to 'src/or/config.c')
| -rw-r--r-- | src/or/config.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/or/config.c b/src/or/config.c index 3c7341efc..6f747ed47 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -143,6 +143,8 @@ static config_var_t _option_vars[] = { VAR("Bridge", LINELIST, Bridges, NULL), VAR("CircuitBuildTimeout", INTERVAL, CircuitBuildTimeout, "1 minute"), VAR("CircuitIdleTimeout", INTERVAL, CircuitIdleTimeout, "1 hour"), + VAR("ClientDNSRejectInternalAddresses", BOOL, + ClientDNSRejectInternalAddresses, "1"), VAR("ClientOnly", BOOL, ClientOnly, "0"), VAR("ConnLimit", UINT, ConnLimit, "1000"), VAR("ConstrainedSockets", BOOL, ConstrainedSockets, "0"), @@ -827,7 +829,8 @@ options_act_reversible(or_options_t *old_options, char **msg) int logs_marked = 0; /* Daemonize _first_, since we only want to open most of this stuff in - * the subprocess. */ + * the subprocess. Libevent bases can't be reliably inherited across + * processes. */ if (running_tor && options->RunAsDaemon) { /* No need to roll back, since you can't change the value. */ start_daemon(); |