[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3566 [Tor Client]: Should controller events respect SafeLogging 1 torrc option? (was: Vidalia should respect SafeLogging 1 torrc option)

#3566: Should controller events respect SafeLogging 1 torrc option?
------------------------+---------------------------------------------------
 Reporter:  tornewbie   |          Owner:  chiiph            
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------
Changes (by arma):

  * milestone:  => Tor: 0.2.3.x-final
  * component:  Vidalia => Tor Client


Comment:

 (Redirecting to the 'Tor client' component so Nick will look at it too.)

 log_unsafe_socks_warning() in src/or/buffers.c is the function in
 question. The reason Vidalia gets the address and port is because this
 isn't actually a "log" from Tor's perspective -- it's a controller event:
 {{{
   control_event_client_status(LOG_WARN,
                               "DANGEROUS_SOCKS PROTOCOL=SOCKS%d
 ADDRESS=%s:%d",
                               socks_protocol, address, (int)port);
 }}}

 So one option would be for Tor to just send "[scrubbed]" instead of
 address in its status events. That would seem to be simpler than trying to
 teach Vidalia which arguments to which events are dangerous to put on the
 screen.

 It might be that Vidalia wants a checkbox in its message log gui to let
 the user decide whether Tor should have safelogging on or off.

 I guess the follow-on question is: are controllers expected to do anything
 else with these events besides display them to the screen? I can imagine a
 controller that hunts around in netstat or something to give you more
 details; and it would be a shame if it had to turn Tor's safelogging off
 across the board in order to learn the address from the status event.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3566#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs