Re: [tor-bugs] #18214 [Tor]: exit policy wrongly displayed in globe, atlas etc.

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#18214: exit policy wrongly displayed in globe, atlas etc.
------------------------------------------------+--------------------------
 Reporter:  toralf                              |          Owner:
     Type:  defect                              |         Status:  new
 Priority:  Medium                              |      Milestone:  Tor:
Component:  Tor                                 |  0.2.8.x-final
 Severity:  Normal                              |        Version:  Tor:
 Keywords:  security 027-backport 026-backport  |  0.2.7.6
Parent ID:                                      |     Resolution:
  Sponsor:                                      |  Actual Points:
                                                |         Points:
------------------------------------------------+--------------------------

Comment (by nickm):

 I agree we could simplify better.   Our current simplification logic can
 only remove a policy A when there is some other B that contains all of A.
 (And when there is no intervening policy C that makes things more complex
 -- see exit_policy_remove_redundancies for the full details.)  We don't
 currently combine or split policies even when their port or address ranges
 would permit this.

 But in the second case, I don't think it's a bug.  We're leaving those
 policies out of the descriptor because they are redundant.  Consider
 `reject *:20-21` in particular.  There's nothing in the policy to say we
 accept those ports, so `reject *:20-21` is completely contained within
 `reject *:*` at the end of the policy.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18214#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs