[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Warn if HSes are configured on a client with UseEntryGuards disabled
commit 130e899fbb02d6005e3797dea2099e4033345ebe
Author: Robert Ransom <rransom.8774@xxxxxxxxx>
Date: Tue Sep 18 16:50:00 2012 -0400
Warn if HSes are configured on a client with UseEntryGuards disabled
---
changes/warn-about-hses-without-guards | 8 ++++++++
src/or/config.c | 9 +++++++++
2 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/changes/warn-about-hses-without-guards b/changes/warn-about-hses-without-guards
new file mode 100644
index 0000000..57b8b4d
--- /dev/null
+++ b/changes/warn-about-hses-without-guards
@@ -0,0 +1,8 @@
+ o Minor features:
+
+ - Warn users who run hidden services on a Tor client with
+ UseEntryGuards disabled that their hidden services will be
+ vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the
+ attack which motivated Tor to support entry guards in the first
+ place). Fixes bug 6889.
+
diff --git a/src/or/config.c b/src/or/config.c
index affe238..11f63ef 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -2536,6 +2536,15 @@ options_validate(or_options_t *old_options, or_options_t *options,
options->UseEntryGuards = 0;
}
+ if (!(options->UseEntryGuards) &&
+ (options->RendConfigLines != NULL)) {
+ log_warn(LD_CONFIG,
+ "UseEntryGuards is disabled, but you have configured one or more "
+ "hidden services on this Tor instance. Your hidden services "
+ "will be very easy to locate using a well-known attack -- see "
+ "http://freehaven.net/anonbib/#hs-attack06 for details.");
+ }
+
if (!(options->LearnCircuitBuildTimeout) &&
options->CircuitBuildTimeout < RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT) {
log_warn(LD_CONFIG,
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits