[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #10887 [Obfsproxy]: ScrambleSuit should make it easy for bridge admins to learn password
#10887: ScrambleSuit should make it easy for bridge admins to learn password
-------------------------+-------------------------------------------------
Reporter: phw | Owner: phw
Type: | Status: needs_revision
enhancement | Milestone:
Priority: normal | Version:
Component: | Keywords: scramblesuit, password, shared
Obfsproxy | secret
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by yawning):
Replying to [comment:11 asn]:
> I fixed the above errors and another one (I caught `b32decode()`
exceptions) and it can be found in `bug10887` in my repo.
`ec61559` ACK.
`aa3a99c` NACK for now. See discussion below.
`9840bac` ACK the change. Commit message should reflect what's being
changed though.
> Unfortunately, it still doesn't work perfectly:
> {{{
> # cat pt_state/scramblesuit/server_descriptor
> Bridge scramblesuit 0.0.0.0:33647
password=S5JY6IRCLLNEGTWBWZMYVIXHFWTITZBE
> }}}
> That's because the bindaddr that is passed from Tor is `0.0.0.0`
(`IPADDR_ANY`):
> {{{
> 'config': {'ORPort': ('127.0.0.1', 42331),
> 'allTransportsEnabled': False,
> 'authCookieFile': None,
> 'extendedORPort': None,
> 'managedTransportVer': ['1'],
> 'serverBindAddr': {'obfs3': ('0.0.0.0', 40674),
> 'scramblesuit': ('0.0.0.0', 33647)},
> 'serverTransportOptions': None,
> 'stateLocation': '/usr/local/var/lib/tor2/data/pt_state/',
> 'transports': ['obfs3', 'scramblesuit']},
> }}}
>
> However, I'm still tempted to merge this since it's the only way for
people to get their automatically-generated passwords. However, maybe we
should remove the whole Bridge line and just leave the password bit, so
that we don't give users the illusion that that bridge line would actually
work.
I would rather see the bridge line changed to only contain the password
before merging (the generated bridge line also neglects to include a
bridge fingerprint since the information is unavailable to the PT
currently). Only including a password line is better than having a bridge
line that is wrong and incomplete.
> Also, on my way to fixing the above, I set the default state directory
in external mode to be the current working directory. Is this a very bad
idea that will open us to race conditions/symlink attacks etc.? Probably
better than setting it to `/tmp/`.
It's better than `/tmp` but not by much. I would rather standalone
servers failed to start without a user provided state directory, mostly so
it doesn't put it's state in surpising locations when invoked from
incorrect init scripts etc.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10887#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs