[Pidgin] #11110: Pidgin appears to leak DNS for Jabber accounts

Pidgin trac at pidgin.im
Fri Apr 15 14:59:42 EDT 2011 

#11110: Pidgin appears to leak DNS for Jabber accounts
----------------------------------------+-----------------------------------
 Reporter:  ioerror                     |        Owner:  deryni
     Type:  defect                      |       Status:  new   
Milestone:  Implementation In Progress  |    Component:  XMPP  
  Version:                              |   Resolution:        
 Keywords:  jabber security privacy     |  
----------------------------------------+-----------------------------------

Comment(by ioerror):

 Replying to [comment:24 datallah]:
 > Right, your patch does what you want for your particular situation, but
 it isn't going to be an acceptable thing to do in libpurple by default -
 in most proxy cases, the right thing to do *is* going to be the SRV
 lookup.

 Hrm - how are you deciding that? Isn't this bug report a record of a bunch
 of users asking that this dangerous default behavior be changed? And also
 that they're surprised by this default behavior?

 >
 > The proposed plugin solution will bypass SRV/TXT lookups and make it
 seem to the code that initiates the lookup that no results were returned.
 If implemented correctly, it should have the same effect as changing the
 code like you're doing, but will apply to all places where the dns
 requests are made.

 Will this plugin be enabled by default when you use a proxy? If not,
 pidgin will leak information to the network that allows an attacker to
 violate client privacy and reroute client destination traffic. If so - why
 implement it as a plugin?

 I admit, I'm new to pidgin internals, so I'm really not sure of why you'd
 make this choice over another. The idea of having it apply everywhere is a
 much better solution, I agree - I'm actually undertaking an audit of each
 protocol  ( https://trac.torproject.org/projects/tor/ticket/2918 ) that we
 want to support in TIMBB. None the less - I'm confused how normal users
 using a normal pidgin proxy setting will be protected from DNS leaking
 security and privacy issues?

 Perhaps it would make sense to have a preference where we "allow DNS
 requests to bypass proxy settings" in the proxy dialog? And perhaps that
 would be implemented by a plugin that is enabled by default unless you
 check that box?

-- 
Ticket URL: <http://developer.pidgin.im/ticket/11110#comment:25>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list