torsocks 1.3 possibly leaks username
https://gitlab.torproject.org/legacy/trac/-/issues/13256
2020-06-13T16:09:21Z
Hi!
Disclaimer:
Not sure if I should have opened this bug report since it's for an old version and torsocks is now on 2.0, but 1.3 is the current version of torsocks in the Ubuntu 14.04 (LTS) repositories, which means it will still be so for some time.
Recently, while playing with torsocks, wget and wireshark, I discovered something that looks like the name of the user running torsocks being leaked somehow. It is always reproducible when https is not used and torsocks is configured to use SOCKS4 (SOCKS5 unaffected). Please see the attached screenshot for an easier explanation.
Thankfully, these bytes will hardly ever leave the loopback interface thanks to the default configuration of Tor, but in some configurations it could be considered dangerous. Furthermore, doc/socks/socks-extensions.txt says that usernames are ignored in SOCKS4 and SOCKS4A. Isn't it better to send random characters then instead of the user running it?
I haven't had a deep look at the torsocks code but I think these calls are the key:
src/socks.c: user = getpwuid(getuid());
These calls seem to have been there since the beginning of the project but are no longer in the latest version.
If you consider this a bug, we should notify distributions. Otherwise, if this behaviour is expected, just close this report ;)
**Trac**:
**Username**: p4blog
David Goulet dgoulet@torproject.org
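The bytes the report describes sit in the NUL-terminated USERID field that follows the 8-byte SOCKS4 request header. The C code below is an added example, not torsocks code and not part of the original report: it extracts that field from captured request bytes and flags it when it equals a local account name. The function names and the sample bytes (user `alice`, destination 192.0.2.10:80) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SOCKS4 request: VN(1)=4, CD(1), DSTPORT(2), DSTIP(4), USERID..., 0x00 */
#define SOCKS4_HDR_LEN 8

/* Constructed sample requests (CONNECT to 192.0.2.10:80), not real captures. */
static const uint8_t SAMPLE_LEAK[]  = {4, 1, 0x00, 0x50, 192, 0, 2, 10,
                                       'a', 'l', 'i', 'c', 'e', 0};
static const uint8_t SAMPLE_EMPTY[] = {4, 1, 0x00, 0x50, 192, 0, 2, 10, 0};

/* Copies USERID into out (NUL-terminated) and returns its length,
 * or -1 if buf is not a well-formed SOCKS4 request or out is too small. */
int socks4_userid(const uint8_t *buf, size_t len, char *out, size_t outsz)
{
    if (len < SOCKS4_HDR_LEN + 1 || buf[0] != 4)
        return -1;
    if (buf[1] != 1 && buf[1] != 2)          /* CONNECT or BIND only */
        return -1;
    const uint8_t *id = buf + SOCKS4_HDR_LEN;
    const uint8_t *end = memchr(id, 0, len - SOCKS4_HDR_LEN);
    if (end == NULL)                         /* USERID not terminated */
        return -1;
    size_t n = (size_t)(end - id);
    if (n + 1 > outsz)
        return -1;
    memcpy(out, id, n);
    out[n] = '\0';
    return (int)n;
}

/* Returns 1 when the request carries `account` as its USERID, else 0. */
int socks4_leaks_account(const uint8_t *buf, size_t len, const char *account)
{
    char id[256];
    int n = socks4_userid(buf, len, id, sizeof id);
    return n > 0 && strcmp(id, account) == 0;
}

int main(void)
{
    char id[32];
    int n = socks4_userid(SAMPLE_LEAK, sizeof SAMPLE_LEAK, id, sizeof id);
    printf("USERID length %d: %s\n", n, n >= 0 ? id : "(malformed)");
    return 0;
}
```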