[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #17574 [Tor]: Fallback mirrors should never fetch from fallback mirrors
#17574: Fallback mirrors should never fetch from fallback mirrors
------------------------+--------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: 0.2.4.7-alpha
Severity: Normal | Keywords:
Actual Points: | Parent ID: #15775
Points: | Sponsor:
------------------------+--------------------------------
If we allow fallback mirrors to fallback to other fallback mirrors, we
could get download loops or other nasty consequences. The bootstrap
process should deliver a recent consensus and prevent this, but let's
avoid the possibility - there's no need for the ~300 fallbacks to use
mirrors.
While relays can check their own list of fallback mirrors, there's no way
to predict which relays were/are fallbacks in past/future releases.
Therefore, any relays which could possibly become a fallback, must connect
to an authority:
* public servers (not a bridge)
* with a dirport (not just an automatic dir cache with the V2Dir flag
(#12538), but one with an actual, public, dirport that can be used for
initial bootstrapping)
Currently, the authority connection code is advisory, we need to split it
and make the above conditions mandatory.
This was introduced in 0.2.4.7-alpha as an unintended consequence of
commits like 5c51b3f1f0d4c394392.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17574>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs