From: Robert Pluim
Newsgroups: gmane.emacs.bugs
Subject: bug#53941: 27.2; socks + tor dont work with https
Date: Mon, 16 Sep 2024 15:34:19 +0200
Message-ID: <87msk7k9ic.fsf@gmail.com>
References: <87a5h2lxof.fsf@librehacker.com> <87ldzss6j5.fsf@neverwas.me>
To: "J.P."
Cc: Christopher Howard, 53941@debbugs.gnu.org, Stefan Kangas, larsi@gnus.org, Eli Zaretskii, gnuhacker@member.fsf.org

>>>>> On Sun, 15 Sep 2024 18:59:10 -0700, "J.P." said:

JP> As I've struggled to explain up thread, the DNS leakage issue is larger
JP> than any prospective integration, `nsm' or otherwise. But, for the sake
JP> of discussion, if we were to zoom in on that library in particular, the
JP> reason for the leakage should be pretty clear. AFAICT, the function
JP> `nsm-should-check' always performs a lookup in order to support the
JP> `nsm-trust-local-network' feature (original author Robert Cc'd). One
JP> possible workaround might be to rework the function slightly to prevent
JP> that, as shown in the first of the attached patches (0001).

More information hiding by default is a good thing. (Iʼm not the
original author, I just changed it to look at the actual local
addresses instead of hardcoding them)

JP> Anyway, to truly tackle this issue, I still contend we'd need to
JP> intercept calls to any glibc GAI-related functions and gate them with
JP> some kind of async-friendly mechanism (perhaps a process property) that
JP> suppresses their invocation for the lifetime of the process. The API
JP> could be as simple as:

JP>   (make-network-process ... :nolookup t ...)

Iʼm not sure what suppressing DNS lookups would get us apart from more
failure modes, but I havenʼt thought about it deeply.

JP> But for this, we'd surely need help from someone familiar with that part
JP> of Emacs.

JP> * lisp/net/nsm.el (nsm-should-check): Rework in a functionally
JP> equivalent way, except forgo calling both `network-lookup-address-info'
JP> and `network-interface-list' unless the various conditions regarding
JP> `nsm-trust-local-network' are first satisfied. Replace `mapc' with
JP> `dolist' to align with modern sensibilities. (Bug#53941)

Careful now, somebody even more modern might come along and replace
`dolist' with `seq-do' ☺️

JP> --- JP> lisp/net/nsm.el | 33 ++++++++++++--------------------- JP> 1 file changed, 12 insertions(+), 21 deletions(-) JP> diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el JP> index e8fdb9b183b..a8a3abb6a2d 100644 JP> --- a/lisp/net/nsm.el JP> +++ b/lisp/net/nsm.el JP> 
@@ -226,27 +226,18 @@ nsm-should-check JP> host address is a localhost address, or in the same subnet as one JP> of the local interfaces, this function returns nil. Non-nil JP> otherwise." JP> - (let ((addresses (network-lookup-address-info host)) JP> - (network-interface-list (network-interface-list t)) JP> - (off-net t)) JP> - (when JP> - (or (and (functionp nsm-trust-local-network) JP> - (funcall nsm-trust-local-network)) JP> - nsm-trust-local-network) JP> - (mapc JP> - (lambda (ip) JP> - (mapc JP> - (lambda (info) JP> - (let ((local-ip (nth 1 info)) JP> - (mask (nth 3 info))) JP> - (when JP> - (nsm-network-same-subnet (substring local-ip 0 -1) JP> - (substring mask 0 -1) JP> - (substring ip 0 -1)) JP> - (setq off-net nil)))) JP> - network-interface-list)) JP> - addresses)) JP> - off-net)) JP> + (not (and-let* (((or (and (functionp nsm-trust-local-network) JP> + (funcall nsm-trust-local-network)) JP> + nsm-trust-local-network)) JP> + (addresses (network-lookup-address-info host)) JP> + (network-interface-list (network-interface-list = t))) JP> + (catch 'off-net JP> + (dolist (ip addresses) JP> + (dolist (info network-interface-list) JP> + (when (nsm-network-same-subnet (substring (nth 1 in= fo) 0 -1) JP> + (substring (nth 3 in= fo) 0 -1) JP> + (substring ip 0 -1)) JP> + (throw 'off-net t)))))))) 

Since youʼve inverted the test, you should probably invert the name of
`off-net'.

Robert
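
Review bot: The condition that now gates the lookup, `(or (and (functionp nsm-trust-local-network) (funcall nsm-trust-local-network)) nsm-trust-local-network)`, is carried over unchanged from the removed lines and is still true when the variable holds a function that returns nil, because the `or` then falls through to the function object itself. Since this test now decides whether `network-lookup-address-info` runs at all, a predicate that answers "do not trust" would still trigger the DNS lookup; consider `(if (functionp nsm-trust-local-network) (funcall nsm-trust-local-network) nsm-trust-local-network)` instead. A short comment at the `and-let*` stating that the `addresses` binding must stay after the trust test would also help keep a later refactor from hoisting the lookup back to the top.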