config: Warn if EntryNodes and HiddenService are used together

Pinning EntryNodes along with hidden services can be possibly harmful (for instance #14917 and #21155) so at the very least warn the operator if this is the case. Fixes #21155 Signed-off-by: David Goulet <dgoulet@torproject.org>
2024-11-24 04:13:28 +01:00 · 2017-04-05 16:47:55 -04:00 · 2017-04-05 16:47:55 -04:00 · e5fc02c81c
commit e5fc02c81c
parent 01fc93ffef
2 changed files with 19 additions and 0 deletions
--- a/changes/bug21155
+++ b/changes/bug21155
@ -0,0 +1,5 @@
+  o Minor bugfixes (hidden service, logging):
+    - Warn user if multiple entries in  EntryNodes and at least one
+      HiddenService are used together. Pinning EntryNodes along with an hidden
+      service can be possibly harmful for instance see ticket 14917 or 21155.
+      Closes bug 21155.
--- a/src/or/config.c
+++ b/src/or/config.c
@ -3510,6 +3510,20 @@ options_validate(or_options_t *old_options, or_options_t *options,
    return -1;
  }

+  /* Inform the hidden service operator that pinning EntryNodes can possibly
+   * be harmful for the service anonymity. */
+  if (options->EntryNodes &&
+      routerset_is_list(options->EntryNodes) &&
+      (options->RendConfigLines != NULL)) {
+    log_warn(LD_CONFIG,
+             "EntryNodes is set with multiple entries and at least one "
+             "hidden service is configured. Pinning entry nodes can possibly "
+             "be harmful to the service anonymity. Because of this, we "
+             "recommend you either don't do that or make sure you know what "
+             "you are doing. For more details, please look at "
+             "https://trac.torproject.org/projects/tor/ticket/21155.");
+  }
+
  /* Single Onion Services: non-anonymous hidden services */
  if (rend_service_non_anonymous_mode_enabled(options)) {
    log_warn(LD_CONFIG,