[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #26776 [Core Tor/Tor]: Control port failures for hidden services
#26776: Control port failures for hidden services
------------------------------+--------------------
Reporter: oqista | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------
1.
With Tor 0.3.2.9 on Linux, connect to the control port. Then setconf
HiddenServiceDir (to create a new service) and HiddenServicePort, as one
command. Then getconf HiddenServiceOptions to make sure it's right.
Now, connect to your new hidden service from another computer, with no
authorization. Success, as expected.
Then, setconf HiddenServiceDir (for the same service as before),
HiddenServicePort, and HiddenServiceAuthorizeClient, all as one command.
Notice the hostname file for the hidden service now contains an auth
cookie, as expected.
Finally, connect to the hidden service again from another computer, still
with no authorization. Success! But it should fail, since you didn't
provide the auth cookie!
To fix it, you have to restart Tor on your server, and do setconf _with_
HiddenServiceAuthorizeClient the first time.
2.
The same bug hits in the other direction too: after you restart Tor to
start enforcing the auth cookie, if you do setconf without
HiddenServiceAuthorizeClient, then the auth cookie immediately disappears
from the hostname file (as expected), but Tor continues enforcing the
cookie until you restart.
3.
The same configuration-stickiness bug applies to setconf HidServAuth on
the client side too (tested on Linux and Windows). If you try to connect
to a hidden service requiring authentication before you set HidServAuth,
then of course it fails, but if you then set HidServAuth, it _still_
fails. You have to restart Tor, then set HidServAuth _before_ you try to
connect to the hidden service for the first time. Then it will succeed.
Just to be clear: to trigger these bugs, do all the various configurations
and reconfigurations exclusively via the control port. Don't set any of
them in torrc.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26776>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs