[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #4788 [Tor Directory Authority]: Reject all relays and bridges running 0.2.0.x

#4788: Reject all relays and bridges running 0.2.0.x
-------------------------------------+--------------------------------------
 Reporter:  rransom                  |          Owner:                    
     Type:  defect                   |         Status:  new               
 Priority:  major                    |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Directory Authority  |        Version:                    
 Keywords:                           |         Parent:                    
   Points:                           |   Actualpoints:                    
-------------------------------------+--------------------------------------

Comment(by arma):

 The proposal 110 first half went into 0.2.1.3-alpha, and a bugfix went
 into 0.2.1.19. So to accomplish the goal described here, we should change
 dirserv_get_status_impl() from
 {{{
   /* Tor 0.2.0.26-rc is the oldest version that currently caches the right
    * directory information.  Once more of them die off, we should raise
 this
    * minimum. */
   if (platform && !tor_version_as_new_as(platform,"0.2.0.26-rc")) {
     if (msg)
       *msg = "Tor version is far too old to work.";
     return FP_REJECT;
   } else if (platform && tor_version_as_new_as(platform,"0.2.1.3-alpha")
                       && !tor_version_as_new_as(platform, "0.2.1.19")) {
     /* These versions mishandled RELAY_EARLY cells on rend circuits. */
     if (msg)
       *msg = "Tor version is too buggy to work.";
     return FP_REJECT;
   }
 }}}

 to

 {{{
   /* Tor 0.2.1.3-alpha introduced the RELAY_EARLY enforcement, and
    * 0.2.1.19 fixed a bug that mishandled RELAY_EARLY cells on rend
    * circuits. */
   if (platform && !tor_version_as_new_as(platform,"0.2.1.19")) {
     if (msg)
       *msg = "Tor version is far too old to work.";
     return FP_REJECT;
   }
 }}}

 If we prefer to be more thorough, we might append

 {{{
   } else if (platform && !tor_version_as_new_as(platform,"0.2.1.30")) {
     /* These versions have security vulnerabilities that make them too
      * risky to include. */
     if (msg)
       *msg = "Tor version is vulnerable. Please upgrade!";
     return FP_REJECT;
   }
 }}}

 I'd be ok with that.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4788#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs