Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Opened by Trac@tracbot

Security Hole: FTP and Gopher

In TorButton's Preferences, the programmer left out FTP and Gopher settings. This is a security hole because a malicious webserver/user can post a gopher or ftp link on a website or onion site visited through TOR and expose the user's external IP address.

Patch: A patch must be released that updates FTP and Gopher with a null proxy, such as 127.0.0.1:1 (and have the TorButton ensure no service is running on the null port).

Trac:
Username: johndoe32102002

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information