From ebf6476e8e5e7c77ca0efa17656511cd8cda364f Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 23 Sep 2005 20:44:22 +0000 Subject: [PATCH] Provide dire warnings to any users who set DirServer; move it out of torrc.sample and into torrc.complete. svn:r5132 --- doc/TODO | 5 +++-- doc/tor.1.in | 11 ++++++++--- src/config/torrc.complete.in | 20 ++++++++++++++------ src/config/torrc.sample.in | 9 --------- src/or/config.c | 1 + 5 files changed, 26 insertions(+), 20 deletions(-) diff --git a/doc/TODO b/doc/TODO index 711a36238a..e746a696cd 100644 --- a/doc/TODO +++ b/doc/TODO @@ -163,7 +163,8 @@ N . Routerdesc download changes o Reset failure count every 60 minutes o Drop fallback to download-all. Also, always split download. - Only use a routerdesc if you recognize its hash. - - Must defer till dirservers are upgraded to latest. + - (Must defer till dirservers are upgraded to latest code, which + actually generates these hashes.) - Of course, authdirservers must not do this. - Should directory mirrors do something else entirely? - Use has_fetched_directory sanely, whatever that means. @@ -177,7 +178,7 @@ N . Routerdesc download changes - Call dirport_is_reachable from somewhere else. o Networkstatus should list who's an authority. - Add nickname element to dirserver line. Log this along with IP:Port. - - Warn when using non-default directory servers. + o Warn when using non-default directory servers. - When giving up on a non-finished dir request, log how many bytes dropped, to see whether it's worthwhile to use partial info. - Security diff --git a/doc/tor.1.in b/doc/tor.1.in index 1210d57c98..848d1b1464 100644 --- a/doc/tor.1.in +++ b/doc/tor.1.in 
@@ -83,12 +83,17 @@ their current liveness status. A value of "0 seconds" tells Tor to choose an appropriate default. (Default: 1 hour for clients, 20 minutes for servers) .LP .TP -\fBDirServer \fR\fIaddress:port fingerprint\fP +\fBDirServer \fR[v1] \fIaddress:port fingerprint\fP Use a nonstandard authoritative directory server at the provided address and port, with the specified key fingerprint. This option can be repeated many times, for multiple authoritative directory -servers. If no \fBdirserver\fP line is given, Tor will use the default -directory servers: moria1, moria2, and tor26. +servers. If the "v1" option is provided, Tor will use this server as an +authority for old-style (v1) directories as well. (Only directory mirrors +care about this.) If no \fBdirserver\fP line is given, Tor will use the default +directory servers: moria1, moria2, and tor26. NOTE: this option is intended +for setting up a private Tor network with its own directory authorities. If +you use it, you will be distinguishable from other users, because you won't +believe the same authorities they do. .LP .TP \fBGroup \fR\fIGID\fP diff --git a/src/config/torrc.complete.in b/src/config/torrc.complete.in index 26b3d92e9e..c382f95d32 100644 --- a/src/config/torrc.complete.in +++ b/src/config/torrc.complete.in 
@@ -66,12 +66,20 @@ ## (Default: 1 hour for clients, 20 minutes for servers) #DirFetchPeriod N seconds|minutes|hours|days|weeks -## Use a nonstandard authoritative directory server at the pro- -## vided address and port, with the specified key fingerprint. -## This option can be repeated many times, for multiple authorita- -## tive directory servers. If no dirserver line is given, Tor will -## use the default directory servers: moria1, moria2, and tor26. -#DirServer address:port fingerprint +## Tor only trusts directories signed with one of these keys, and +## uses the given addresses to connect to the trusted directory +## servers. If no DirServer lines are specified, Tor uses the built-in +## defaults (moria1, moria2, tor26), so you can leave this alone unless +## you need to change it. +## +## WARNING! Changing these options will make your Tor behave +## differently from everyone else's, and hurt your anonymity. Even +## uncommenting these lines is a bad idea. They are the defaults now, +## but the defaults may change in the future, leaving you behind. +## +#DirServer v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441 +#DirServer v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF +#DirServer v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D ## On startup, setgid to this user. #Group GID diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in index 0a25d833ae..cac24b667b 100644 --- a/src/config/torrc.sample.in +++ b/src/config/torrc.sample.in 
@@ -54,15 +54,6 @@ AllowUnverifiedNodes middle,rendezvous ## see the FAQ entry if you want Tor to run as an NT service. #RunAsDaemon 1 -## Tor only trusts directories signed with one of these keys, and -## uses the given addresses to connect to the trusted directory -## servers. If no DirServer lines are specified, Tor uses the built-in -## defaults (moria1, moria2, tor26), so you can leave this alone unless -## you need to change it. -#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441 -#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF -#DirServer 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D - ## The directory for keeping all the keys/etc. By default, we store ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. #DataDirectory @LOCALSTATEDIR@/lib/tor diff --git a/src/or/config.c b/src/or/config.c index fd9c2822fb..8970d8d7ed 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2101,6 +2101,7 @@ options_validate(or_options_t *options) if (!options->DirServers) { add_default_trusted_dirservers(options); } else { + log_fn(LOG_WARN, "You have used DirServer to specify directory authorities in your configuration. This is potentially dangerous: it can make you look different from all other Tor users, and hurt your anonymity. Even if you've specified the same authorities as Tor uses by default, the defaults could change in the future. Be sure you know what you're doing."); for (cl = options->DirServers; cl; cl = cl->next) { if (parse_dir_server_line(cl->value, 1)<0) result = -1;
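Review bot: in the doc/tor.1.in hunk, the new NOTE is weaker than the two other warnings this patch adds. It says only that "you will be distinguishable from other users", while the torrc.complete.in comment and the config.c log message both add that repeating the current defaults is also risky because the defaults may change. Suggest carrying that sentence into the man page and stating that Tor logs a warning whenever DirServer is set, so the three texts agree. While touching this paragraph, the context line still spells the option `\fBdirserver\fP` in lowercase, although the entry itself is `\fBDirServer`.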
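Review bot: in the src/config/torrc.complete.in hunk, the three example lines gain a `v1` flag that the new comment block never explains; the only description of it is in doc/tor.1.in. Add one comment line saying what `v1` means. Separately, the comment says these values "are the defaults now, but the defaults may change in the future", yet the hunk replaces the old `#DirServer address:port fingerprint` syntax placeholder with a hard-coded copy of the defaults that will go stale in exactly that case. Keeping the placeholder form, or labelling the three lines as a snapshot that may be out of date, would avoid shipping lines the text itself tells users not to uncomment.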
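Review bot: in the src/or/config.c hunk, the `log_fn(LOG_WARN, ...)` call is placed before the loop that calls `parse_dir_server_line()`, so it is emitted on every `options_validate()` call with any DirServer line present, including when a line is malformed and validation then fails on it. Moving the warning after the loop would let a parse error be reported first. The message is also a single string literal several hundred characters long on one source line; splitting it into adjacent string literals would keep the line readable without changing the logged text. Finally, the warning does not say which authorities are in effect, and the doc/TODO hunk in this same patch still lists "Log this along with IP:Port" as open, so an operator of a private network, the use case tor.1.in names, cannot tell from the log what was actually configured.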