Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #2151

Closed
Open
Opened Nov 01, 2010 by Trac@tracbot

Security Hole: FTP and Gopher

In TorButton's Preferences, the programmer left out FTP and Gopher settings. This is a security hole because a malicious webserver/user can post a gopher or ftp link on a website or onion site visited through TOR and expose the user's external IP address.

Patch: A patch must be released that updates FTP and Gopher with a null proxy, such as 127.0.0.1:1 (and have the TorButton ensure no service is running on the null port).

Trac:
Username: johndoe32102002

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#2151