Re: [tor-bugs] #18214 [Tor]: exit policy wrongly displayed in globe, atlas etc.
#18214: exit policy wrongly displayed in globe, atlas etc.
------------------------------------------------+--------------------------
Reporter: toralf | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: 0.2.7.6
Severity: Normal | Resolution:
Keywords: security 027-backport 026-backport | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------------------------------+--------------------------
Changes (by teor):
* keywords: => security 027-backport 026-backport
* status: needs_information => new
* version: => Tor: 0.2.7.6
* milestone: Tor: 0.2.??? => Tor: 0.2.8.x-final
Comment:
There are two issues here:
tor could simplify descriptors better:
{{{
reject *:80
...
accept *:80-81
}}}
should become:
{{{
reject *:80
...
accept *:81
}}}
This issue can be confirmed using globe:
https://globe.torproject.org/#/relay/F1BE15429B3CE696D6807F4D4A58B1BFEC45C822
tor also appears to be leaving some torrc ExitPolicy entries out of the
descriptor:
{{{
ExitPolicy reject *:20-21
ExitPolicy reject *:22
ExitPolicy reject *:23
...
ExitPolicy reject *:554
ExitPolicy reject *:8000
ExitPolicy reject *:8080
}}}
This is a serious security issue if these ExitPolicy entries are not being
applied by the relay. On the other hand, if the entries are being applied
on the relay, but aren't in the descriptor, it will slow clients down, as
they believe the relay will allow ports which it then refuses.
From the stem output, it appears that the ExitPolicy entries are being
correctly parsed by tor. But they aren't making it into the descriptor.
toralf, can you confirm if you have sent a HUP to your relay, or restarted
the tor process, since changing the config?
Are you only running one tor process?
toralf's relay is running tor 0.2.7.6.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18214#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
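
Added example, not part of the ticket comment and not tor's or stem's code: a first-match model of wildcard-address exit policy rules that trims shadowed ports (the `accept *:80-81` case above) and lists ports a torrc rejects but a descriptor does not. The function names and the sample descriptor are assumptions made for illustration.

```python
# Added example, not tor's code. Handles only: [ExitPolicy] accept|reject *:PORT[-PORT]

def parse(lines):
    """Return [(action, lo, hi)] for each policy line; other lines are skipped."""
    rules = []
    for line in lines:
        words = line.replace("ExitPolicy", "", 1).split()
        if len(words) != 2 or words[0] not in ("accept", "reject"):
            continue
        addr, _, ports = words[1].rpartition(":")
        if addr != "*":
            raise ValueError("non-wildcard address not handled: " + line)
        lo, _, hi = ports.partition("-")
        lo, hi = (1, 65535) if ports == "*" else (int(lo), int(hi or lo))
        rules.append((words[0], lo, hi))
    return rules

def verdict(rules, port):
    """First matching rule wins; None when no rule mentions the port."""
    return next((a for a, lo, hi in rules if lo <= port <= hi), None)

def simplify(rules):
    """Trim from each rule the ports an earlier rule already decides."""
    out, decided = [], []
    for action, lo, hi in rules:
        start = lo
        for dlo, dhi in sorted(decided):
            if dhi < start or dlo > hi:
                continue              # earlier range does not touch what is left
            if dlo > start:
                out.append((action, start, dlo - 1))
            start = dhi + 1           # skip the ports already decided
        if start <= hi:
            out.append((action, start, hi))
        decided.append((lo, hi))
    return out

def missing_rejects(torrc_lines, descriptor_lines):
    """Ports the torrc effectively rejects but the descriptor does not reject."""
    desc = parse(descriptor_lines)
    return sorted(p for action, lo, hi in simplify(parse(torrc_lines))
                  if action == "reject"
                  for p in range(lo, hi + 1) if verdict(desc, p) != "reject")

# Sample data: torrc lines as quoted in the ticket; the descriptor is constructed.
TORRC = ["ExitPolicy reject *:20-21", "ExitPolicy reject *:22", "ExitPolicy reject *:23",
         "ExitPolicy reject *:554", "ExitPolicy reject *:8000", "ExitPolicy reject *:8080"]
DESCRIPTOR = ["reject *:20-21", "reject *:22", "accept *:*"]
```

A non-empty result from `missing_rejects` means the published policy advertises ports the configuration refuses, which is the mismatch the comment asks toralf to help confirm.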