[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #23512 [Core Tor/Tor]: Bandwidth stats watermark can be induced using OOM killer
#23512: Bandwidth stats watermark can be induced using OOM killer
-------------------------------------------------+-------------------------
Reporter: asn | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-bug-bounty, congestion-attack, | Actual Points:
research, watermark, tor-stats, guard- |
discovery-stats |
Parent ID: | Points:
Reviewer: | Sponsor:
| SponsorQ
-------------------------------------------------+-------------------------
Comment (by arma):
Mike: I talked to Jaym about this topic at PETS. I think at the time I was
under the impression that we are incrementing the *write* counter, that
is, the outbound connection, even though we never actually push the bytes
out to the network because we kill the outbuf in the oom killer.
So I had thought that the bug was "we say that we wrote out the bytes even
though we didn't", which allows an attacker to queue up a bunch of bytes
for us to outbuf, and generate an artificially large signal.
If that is the issue (which contradicts asn's summary above I think), then
there would be a second piece to the fix, since if we only decremented the
write count to stop including the bytes we didn't actually write, then we
would have an asymmetry between the (still much higher) read count and the
(now corrected) write count. So the second part of the fix would be to
decrement the read count by the corresponding amount too, so things match
up.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23512#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs