[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #16824 [Core Tor/Tor]: Emit a warning message about side channel leaks when using relays as clients
#16824: Emit a warning message about side channel leaks when using relays as
clients
-------------------------------------------------+-------------------------
Reporter: starlight | Owner: (none)
Type: defect | Status:
| needs_review
Priority: High | Milestone: Tor:
| 0.3.5.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.2.6.10
Severity: Normal | Resolution:
Keywords: mike-can, tor-client tor-relay | Actual Points:
sidechannel logging easy |
Parent ID: | Points: 1
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by arma):
Two thoughts:
(A) We're only doing this log message if they *use* the socksport, right?
Otherwise every relay will get this log message by default, unless they
change their SocksPort line, even if they *aren't* "attempting to use Tor
for both relay and client functionality"?
(B) I'm still unclear on what attack we're talking about here. In the
earlier bug, #16585, there was some bug where relay cells would get
unnecessarily starved when the client goes wild trying to build circuits
that all fail? So in that case maybe it's the relay bandwidth *graphs*
that give things away? But if there weren't graphs, you might still be
able to send a constant rate of traffic through the relay and see when it
slows down? But even if it's not a relay at all, and even if we fixed the
starvation bug, you might be able to send ping packets toward the
suspect's IP address, and see a slow-down when there's competing client
activity?
https://www.freehaven.net/anonbib/#remote-traffic-pets12
So it seems weird to me to have a warning message on one particular
situation -- and a situation that seems more of a bug we can actually fix
-- but not in all the other situations that can be bad too.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16824#comment:41>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs