Re: [tor-bugs] #10777 [Tor]: Remotely triggerable circuit destruction by path bias code



#10777: Remotely triggerable circuit destruction by path bias code
-----------------------------+-----------------------------------
     Reporter:  cypherpunks  |      Owner:
         Type:  defect       |     Status:  needs_review
     Priority:  major        |  Milestone:  Tor: 0.2.4.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  tor-client regression
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-----------------------------------
Changes (by nickm):

 * cc: mikeperry (added)
 * status:  needs_information => needs_review


Comment:

 To be clear, it's circuit destruction that's triggerable by the exit node,
 right?  But the exit node can already trigger circuit destruction by
 sending a DESTROY cell.  The real problematic case is if the user can be
 tricked into sending something that causes an ENETUNREACH response from
 the exit node.

 In any case, we should ENETUNREACH to give NOROUTE.  There's a patch for
 that as "bug10777_noroute_024".

 If a third party *can* trigger this, we need to remove the
 END_STREAM_REASON_INTERNAL case from connection_ap_process_end_notopen,
 treating it as neither a path-bias success nor a path-bias failure.
 There's a patch for that as "bug10777_nointernal_024."

 Mike, I am leaning towards merging both.  Please let me know if this makes
 path bias useless.

 Also, there's maybe a third bug: If the user triggered this by using
 MapAddress to map advertising networks to some netblock we should have
 recognized as private, that should probably have taken effect and caused
 the stream to get blocked connection to a private address *before* the
 RELAY_BEGIN cell is ever sent.  (Was it a private network block, or
 something else?)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10777#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs