Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

merge in the safecookie changelog entry too

Roger Dingledine 13 years ago
parent
65bf007a77
commit
de73e3692a
2 changed files with 7 additions and 9 deletions
Split View Show Diff Stats
  1. 7 0
      ChangeLog
  2. 0 9
      changes/safecookie

+ 7 - 0
ChangeLog
View File 

@@ -7,6 +7,13 @@ Changes in version 0.2.3.13-alpha - 2012-03-26
 
     - Change IP address for maatuska (v3 directory authority).
 
 
   o Security fixes:
 
+    - Provide controllers with a safer way to implement the cookie
 
+      authentication mechanism. With the old method, if another locally
 
+      running program could convince a controller that it was the Tor
 
+      process, then that program could trick the contoller into telling
 
+      it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE"
 
+      authentication method uses a challenge-response approach to prevent
 
+      this attack. Fixes bug 5185, implements proposal 193.
 
     - Never use a bridge or a controller-supplied node as an exit, even
 
       if its exit policy allows it. Found by wanoskarnet. Fixes bug
 
       5342. Bugfix on 0.1.1.15-rc (for controller-purpose descriptors)

+ 0 - 9
changes/safecookie
View File 

@@ -1,9 +0,0 @@
 
-  o Security Features:
 
-    - Provide controllers with a safer way to implement the cookie
 
-      authentication mechanism. With the old method, if another locally
 
-      running program could convince a controller that it was the Tor
 
-      process, then that program could trick the contoller into
 
-      telling it the contents of an arbitrary 32-byte file. The new
 
-      "SAFECOOKIE" authentication method uses a challenge-response
 
-      approach to prevent this. Fixes bug 5185, implements proposal 193. 
-