[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #2914 [Tor Relay]: Tor should not append to file if loglevel < notice



#2914: Tor should not append to file if loglevel < notice
-----------------------+----------------------------------------------------
 Reporter:  mikeperry  |          Owner:     
     Type:  defect     |         Status:  new
 Priority:  normal     |      Milestone:     
Component:  Tor Relay  |        Version:     
 Keywords:             |         Parent:     
   Points:             |   Actualpoints:     
-----------------------+----------------------------------------------------
Description changed by mikeperry:

Old description:

> A lot of relay operators run tor from git for various reasons. These
> relay operators don't get the advantage of distribution log rotation, and
> can unknowingly leave tor running at low log level for long periods while
> running test branches. In some cases, SafeLogging may also be disabled.
>
> Presumably, since they are running git, they are upgrading often. Based
> on this assumption, an easy fix should be to just change the default log
> file open mode from O_APPEND to O_TRUNC if the loglevel is below notice,
> and/or if SafeLogging is off.
>
> Of course, a better fix is to implement our own log rotation. I don't
> think the corner case is that important. It is a non-default config that
> makes it risky** in the first place.
>
> Thanks for Marcia Hofmann @ EFF for pointing this out.
>
> ** (The reason it is risky is not because logs are terribly dangerous to
> anonymity in their current form, but moreso because logs can be such a
> false path due to the multiplexing of circuits over TLS.)

New description:

 A lot of relay operators run tor from git for various reasons. These relay
 operators don't get the advantage of distribution log rotation, and can
 unknowingly leave tor running at low log level for long periods while
 running test branches. In some cases, SafeLogging may also be disabled.

 Presumably, since they are running git, they are upgrading often. Based on
 this assumption, an easy fix should be to just change the default log file
 open mode from O_APPEND to O_TRUNC if the loglevel is below notice, and/or
 if SafeLogging is off.

 Of course, a better fix is to implement our own log rotation. I don't
 think the corner case is that important. It is a non-default config that
 makes it risky** in the first place.

 Thanks to Marcia Hofmann @ EFF for pointing this out.

 ** (The reason it is risky is not because logs are terribly dangerous to
 anonymity in their current form, but moreso because logs can be such a
 false path due to the multiplexing of circuits over TLS.)

--

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2914#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs