Warn if HSes are configured on a client with UseEntryGuards disabled

This commit is contained in:
Robert Ransom 2012-09-18 16:50:00 -04:00
parent d1c4cf2f5a
commit 130e899fbb
2 changed files with 17 additions and 0 deletions

View File

@ -0,0 +1,8 @@
o Minor features:
- Warn users who run hidden services on a Tor client with
UseEntryGuards disabled that their hidden services will be
vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the
attack which motivated Tor to support entry guards in the first
place). Fixes bug 6889.

View File

@ -2536,6 +2536,15 @@ options_validate(or_options_t *old_options, or_options_t *options,
options->UseEntryGuards = 0;
}
if (!(options->UseEntryGuards) &&
(options->RendConfigLines != NULL)) {
log_warn(LD_CONFIG,
"UseEntryGuards is disabled, but you have configured one or more "
"hidden services on this Tor instance. Your hidden services "
"will be very easy to locate using a well-known attack -- see "
"http://freehaven.net/anonbib/#hs-attack06 for details.");
}
if (!(options->LearnCircuitBuildTimeout) &&
options->CircuitBuildTimeout < RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT) {
log_warn(LD_CONFIG,