[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Log a warning if Tor was built with any "risky" compile-time options
commit 3f442987f194d96a842fd15808e5d40f784cfca4
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Wed Oct 28 11:34:30 2020 -0400
Log a warning if Tor was built with any "risky" compile-time options
These options are meant for testing builds only, and are likely to
cause trouble if used in a production environment.
Closes #18888.
---
changes/ticket18888 | 3 +++
src/app/main/include.am | 2 ++
src/app/main/main.c | 12 +++++++++++-
src/app/main/risky_options.c | 35 +++++++++++++++++++++++++++++++++++
src/app/main/risky_options.h | 17 +++++++++++++++++
5 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/changes/ticket18888 b/changes/ticket18888
new file mode 100644
index 0000000000..279eab76ad
--- /dev/null
+++ b/changes/ticket18888
@@ -0,0 +1,3 @@
+ o Minor features (safety):
+ - Log a warning at startup if Tor is built with compile-time options that
+ are likely to make it less stable or reliable. Closes ticket 18888.
diff --git a/src/app/main/include.am b/src/app/main/include.am
index ea392a8581..576c750377 100644
--- a/src/app/main/include.am
+++ b/src/app/main/include.am
@@ -2,6 +2,7 @@
# ADD_C_FILE: INSERT SOURCES HERE.
LIBTOR_APP_A_SOURCES += \
src/app/main/main.c \
+ src/app/main/risky_options.c \
src/app/main/shutdown.c \
src/app/main/subsystem_list.c \
src/app/main/subsysmgr.c
@@ -10,6 +11,7 @@ LIBTOR_APP_A_SOURCES += \
noinst_HEADERS += \
src/app/main/main.h \
src/app/main/ntmain.h \
+ src/app/main/risky_options.h \
src/app/main/shutdown.h \
src/app/main/subsysmgr.h
diff --git a/src/app/main/main.c b/src/app/main/main.c
index ff530c0ad0..589d365add 100644
--- a/src/app/main/main.c
+++ b/src/app/main/main.c
@@ -16,6 +16,7 @@
#include "app/config/quiet_level.h"
#include "app/main/main.h"
#include "app/main/ntmain.h"
+#include "app/main/risky_options.h"
#include "app/main/shutdown.h"
#include "app/main/subsysmgr.h"
#include "core/mainloop/connection.h"
@@ -539,6 +540,7 @@ tor_init(int argc, char *argv[])
{
char progname[256];
quiet_level_t quiet = QUIET_NONE;
+ bool running_tor = false;
time_of_process_start = time(NULL);
tor_init_connection_lists();
@@ -562,8 +564,10 @@ tor_init(int argc, char *argv[])
whether we log anything at all to stdout. */
parsed_cmdline_t *cmdline;
cmdline = config_parse_commandline(argc, argv, 1);
- if (cmdline)
+ if (cmdline) {
quiet = cmdline->quiet_level;
+ running_tor = (cmdline->command == CMD_RUN_TOR);
+ }
parsed_cmdline_free(cmdline);
}
@@ -599,6 +603,12 @@ tor_init(int argc, char *argv[])
log_notice(LD_GENERAL, "This version is not a stable Tor release. "
"Expect more bugs than usual.");
+ if (strlen(risky_option_list) && running_tor) {
+ log_warn(LD_GENERAL, "This build of Tor has been compiled with one "
+ "or more options that might make it less reliable or secure! "
+ "They are:%s", risky_option_list);
+ }
+
tor_compress_log_init_warnings();
}
diff --git a/src/app/main/risky_options.c b/src/app/main/risky_options.c
new file mode 100644
index 0000000000..747dda766b
--- /dev/null
+++ b/src/app/main/risky_options.c
@@ -0,0 +1,35 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2020, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file risky_options.c
+ * \brief List compile-time options that might make Tor less reliable.
+ **/
+
+#include "orconfig.h"
+#include "app/main/risky_options.h"
+
+/** A space-separated list of the compile-time options might make Tor less
+ * reliable or secure. These options mainly exist for testing or debugging.
+ */
+const char risky_option_list[] =
+ ""
+#ifdef DISABLE_ASSERTS_IN_TEST
+ " --disable-asserts-in-test"
+#endif
+#ifdef TOR_UNIT_TESTS
+ " TOR_UNIT_TESTS"
+#endif
+#ifdef ENABLE_RESTART_DEBUGGING
+ " --enable-restart-debugging"
+#endif
+#ifdef ALL_BUGS_ARE_FATAL
+ " --enable-all-bugs-are-fatal"
+#endif
+#ifdef DISABLE_MEMORY_SENTINELS
+ " --disable-memory-sentinels"
+#endif
+ ;
diff --git a/src/app/main/risky_options.h b/src/app/main/risky_options.h
new file mode 100644
index 0000000000..4548ae3efb
--- /dev/null
+++ b/src/app/main/risky_options.h
@@ -0,0 +1,17 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2020, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file risky_options.h
+ * \brief Header for risky_options.c
+ **/
+
+#ifndef TOR_RISKY_OPTIONS_H
+#define TOR_RISKY_OPTIONS_H
+
+extern const char risky_option_list[];
+
+#endif
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits