Merge remote-tracking branch 'rransom/warn-about-hses-without-guards'
commit
95d9f7e9cc
8
changes/warn-about-hses-without-guards
Normal file
8
changes/warn-about-hses-without-guards
Normal file
@ -0,0 +1,8 @@
|
||||
o Minor features:
|
||||
|
||||
- Warn users who run hidden services on a Tor client with
|
||||
UseEntryGuards disabled that their hidden services will be
|
||||
vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the
|
||||
attack which motivated Tor to support entry guards in the first
|
||||
place). Fixes bug 6889.
|
||||
|
@ -2538,6 +2538,15 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
||||
options->UseEntryGuards = 0;
|
||||
}
|
||||
|
||||
if (!(options->UseEntryGuards) &&
|
||||
(options->RendConfigLines != NULL)) {
|
||||
log_warn(LD_CONFIG,
|
||||
"UseEntryGuards is disabled, but you have configured one or more "
|
||||
"hidden services on this Tor instance. Your hidden services "
|
||||
"will be very easy to locate using a well-known attack -- see "
|
||||
"http://freehaven.net/anonbib/#hs-attack06 for details.");
|
||||
}
|
||||
|
||||
if (!(options->LearnCircuitBuildTimeout) &&
|
||||
options->CircuitBuildTimeout < RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT) {
|
||||
log_warn(LD_CONFIG,
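Review bot: The new `if (!(options->UseEntryGuards) && (options->RendConfigLines != NULL))` check has no comment explaining why it sits where it does. It appears to rely on running after the preceding block that sets `options->UseEntryGuards = 0`, so that a forced disable is also reported, and a later reorder would silently lose that case. I would add a comment above the `if`, for example `/* Keep this after any code that clears UseEntryGuards: a hidden service without entry guards is exposed to the hs-attack06 attack. */`. The message also states the problem without a remedy; a closing sentence such as `"Enable UseEntryGuards or move the hidden services to another instance."` would make it actionable, but the condition of the earlier block is not visible here, so that wording needs checking against it. The body of options_validate() starts and ends outside the hunk.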
|
||||
|
@ -1893,7 +1893,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
|
||||
* listed that descriptor will have the same summary. If not then
|
||||
* something is fishy and we'll use the most common one (breaking
|
||||
* ties in favor of lexicographically larger one (only because it
|
||||
* lets me reuse more existing code.
|
||||
* lets me reuse more existing code)).
|
||||
*
|
||||
* The other case that can happen is that no authority that voted
|
||||
* for that descriptor has an exit policy summary. That's
|
||||
|