[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #1859 [Tor Client]: Using 'mytorexitnode.exit' request when mytorexitnode is both exit and client
#1859: Using 'mytorexitnode.exit' request when mytorexitnode is both exit and
client
------------------------+---------------------------------------------------
Reporter: mwenge | Owner: mwenge
Type: defect | Status: assigned
Priority: minor | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version: Tor: 0.2.2.12-alpha
Keywords: | Parent:
------------------------+---------------------------------------------------
Comment(by mwenge):
(Summary of all of the above)
There are two problems in this bug:
1. When an OP makes a .exit request specifying itself as the exit, and the
exit is not yet listed, Tor gets all the routerinfos needed for the
circuit but discovers in circuit_is_acceptable() that its own routerinfo
is not in the routerdigest list and cannot be used. Tor then gets locked
in a cycle of repeating these two steps. When gathering the routerinfos
for a circuit, specifically when the exit has been chosen by .exit
notation, Tor needs to apply the same rules it uses later on when deciding
if it can build a circuit with those routerinfos.
2. A different bug arises in the above situation when the Tor instance's
routerinfo *is* listed in the routerlist, it shares its nickname with a
number of other Tor nodes, and it does not have 'Named' rights to its
nickname.
So for example, if (i) there are five nodes named Bob in the network,
(ii) I am running one of them but am flagged as 'Unnamed' because someone
else claimed the 'Bob' nickname first, and (iii) I run my Tor as both
client and exit the following can happen to me:
- I go to www.evil.com
- I click on a link www.evil.com.bob.exit
- My request will exit through my own Tor node rather than the
'Named' node Bob or any of the others.
- www.evil.com now knows I am actually browsing from the same
computer that is running my 'Bob' node
As yetonetime points out all this nastiness happens because of:
{{{
if (server_mode(get_options()) &&
!strcasecmp(nickname, get_options()->Nickname))
return router_get_my_routerinfo();
}}}
in router_get_by_nickname().
So to solve both issues we need to ensure:
- When fulfilling a .exit request we only choose a routerinfo if it exists
in the routerlist, even when that routerinfo is ours.
- When getting a router by nickname we only return our own router
information if it is not going to be used for building a circuit.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1859#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs