[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16980 [Tor]: Implicit time range assumption breaks Tor in Shadow

Subject: Re: [tor-bugs] #16980 [Tor]: Implicit time range assumption breaks Tor in Shadow
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 06 Sep 2015 13:15:43 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 06 Sep 2015 09:15:54 -0400
In-reply-to: <050.9cb68d2a724ecef330be41b768ee6b01@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <050.9cb68d2a724ecef330be41b768ee6b01@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16980: Implicit time range assumption breaks Tor in Shadow
----------------------------+--------------------------------
     Reporter:  robgjansen  |      Owner:
         Type:  defect      |     Status:  new
     Priority:  normal      |  Milestone:
    Component:  Tor         |    Version:  Tor: 0.2.7.2-alpha
   Resolution:              |   Keywords:
Actual Points:              |  Parent ID:
       Points:              |
----------------------------+--------------------------------

Comment (by nickm):

 We do indeed assume that time_t is signed; see this section in
 configure.ac:

 {{{
 AX_CHECK_SIGN([time_t],
        [ AC_DEFINE(TIME_T_IS_SIGNED, 1, [Define if time_t is signed]) ],
        [ : ], [
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
 #endif
 #ifdef HAVE_TIME_H
 #include <time.h>
 #endif
 ])

 if test "$ax_cv_decl_time_t_signed" = no; then
   AC_MSG_WARN([You have an unsigned time_t; some things will probably
 break. Please tell the Tor developers about your interesting platform.])
 fi
 }}}

 We can safely turn that WARN into an ERR I think.

 But refactoring crypto_rand_time_range() that way doesn't seem so safe to
 me; it doesn't actually do the right thing with negative inputs. What
 about something more like:
 {{{
    tor_assert(min < max);
    return min + (time_t)crypto_rand_uint64(max-min);
 }}}


 (Also, I am far from convinced that this is the last thing that will break
 if time() starts out at 0 -- I never really considered what would happen
 if you tried to run Tor in 1970 before, and there may well be other things
 that break.  I wonder if, as a kludge, you wouldn't be better off starting
 Shadow's time() at 1971 or 1980 or 2000 or something -- I bet there are
 other programs out there that make similar assumptions not needing to run
 at times before they were written.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16980#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #16980 [Tor]: Implicit time range assumption breaks Tor in Shadow
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #16879 [Tor Browser]: How to know if Bridges have not changed?
Next by Author: Re: [tor-bugs] #16984 [Website]: Debian Documentation invites People to use HTTP instead of HTTPS
Previous by thread: Re: [tor-bugs] #16980 [Tor]: Implicit time range assumption breaks Tor in Shadow
Next by thread: Re: [tor-bugs] #16980 [Tor]: Implicit time range assumption breaks Tor in Shadow
Index(es):
- Author
- Thread