[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Advisory: Stack disclosure in hidden services logs when SafeLogging disabled

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Advisory: Stack disclosure in hidden services logs when SafeLogging disabled
From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Mon, 18 Sep 2017 14:16:56 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 18 Sep 2017 14:17:13 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:content-transfer-encoding; bh=OwcfkAc1PCdHN3xPHZWjVeZ6vjdwooZREKdZYqRmXUE=; b=uD3uF0q2HToRxpuduUQPJN9VL8Za7rSpp43ZYZAUVUP51zCrcj2kil9qo7CnTRhqVr iW7zUx5Vgl2/Aks6eMqEn/D4T18HJarxEN5JbztVKKfSz9iS90DgAOGHl1ws3I2aOqu4 1ivfBXEW9B7m79ognOOYsUcJ2p9nsuLkd1pcoQCEdnPgix8ZiVyHzxn5rQqZ5dnusIAs 5ya+MZLW4Y9THuOOm+vDIs5wc/YHwaHXeenxgNT5zeo0Ya2xftmYg+nUDQDnT4LY91Rd NA+tFyts1Lo5I6Dp8XId50/9opunUWSOwNJdRE5TU8XzVRhijZi/rRLRNinlxjdXPyO9 jy5Q==
In-reply-to: <42b62f57-3d9d-3683-4e2c-d32e64832bc4@gmx.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuxmG3rnO=_FinfqVPEk3D2Y0ErKx+wxOegDnvTtW0o6=A@mail.gmail.com> <42b62f57-3d9d-3683-4e2c-d32e64832bc4@gmx.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Mon, Sep 18, 2017 at 1:19 PM, Toralf Förster <toralf.foerster@xxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 09/18/2017 03:41 PM, Nick Mathewson wrote:
>>   This bug can only happen when the SafeLogging option is disabled,
>>   and SafeLogging is enabled by default.  If you have not disabled
>>   SafeLogging, then you should be fine.
>
> Which should not hinder everybody to upgrade, b/c affected relay admins would upgrade soon and therefore expose themself to run hidden services, right ?
>

Relays are not affected.  This bug only affects hidden services that
are running on one of the affected versions.

Still, it's probably a good idea for relays to update anyway.  There
are other, smaller bugs fixed in every release.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Advisory: Stack disclosure in hidden services logs when SafeLogging disabled
  - From: Nick Mathewson
- Re: [tor-relays] Advisory: Stack disclosure in hidden services logs when SafeLogging disabled
  - From: Toralf Förster

Prev by Author: Re: [tor-relays] More recent rpm somewhere?
Next by Author: [tor-relays] Advisory: Stack disclosure in hidden services logs when SafeLogging disabled
Previous by thread: Re: [tor-relays] Advisory: Stack disclosure in hidden services logs when SafeLogging disabled
Next by thread: Re: [tor-relays] tor-relays Digest, Vol 80, Issue 26
Index(es):
- Author
- Thread