Commit Graph

3094 Commits

Author SHA1 Message Date
Sebastian Hahn
4198261291 Clean up the 2972 implementation a little 2011-05-15 20:20:28 -04:00
Jérémy Bobbio
d41ac64ad6 Add UnixSocketsGroupWritable config flag
When running a system-wide instance of Tor on Unix-like systems, having
a ControlSocket is a quite handy mechanism to access Tor control
channel.  But it would be easier if access to the Unix domain socket can
be granted by making control users members of the group running the Tor
process.

This change introduces a UnixSocketsGroupWritable option, which will
create Unix domain sockets (and thus ControlSocket) 'g+rw'. This allows
ControlSocket to offer same access control measures than
ControlPort+CookieAuthFileGroupReadable.

See <http://bugs.debian.org/552556> for more details.
2011-05-15 20:20:28 -04:00
Nick Mathewson
7f654a6a6f Add a ControlPortFileGroupWritable option 2011-05-13 10:41:29 -04:00
Nick Mathewson
dad12188a6 Write automatically-chosen control ports to a file. 2011-05-13 10:41:28 -04:00
Nick Mathewson
5fec8fe559 "(Socks|Control|etc)Port auto" now tells Tor to open an arbitrary port
This is the major part of the implementation for trac issue 3076.
2011-05-13 10:41:18 -04:00
Nick Mathewson
2c88dd7f95 Clean up a formatting issue on the manpge; bug3154. 2011-05-12 11:36:20 -04:00
Roger Dingledine
ec25c1f6ca another changelog heuristic based on 0.2.3.1-alpha 2011-05-10 21:30:55 -04:00
Nick Mathewson
09d7af7789 Merge remote-tracking branch 'public/bug3022_v2' into maint-0.2.2 2011-05-09 13:37:56 -04:00
Andrew Lewman
be7e8f5bb9 fix the website directions. 2011-05-05 15:28:29 -04:00
Nick Mathewson
0ee524b57f Merge branch 'bug2379' into maint-0.2.2 2011-05-04 17:37:56 -04:00
Nick Mathewson
29f1ffa0fe More notes on how to upload tarballs from erinn 2011-05-04 17:21:33 -04:00
Nick Mathewson
b04dca448d Add some missing torrc entries to tor.1.txt
Fixes bug 2379
2011-05-03 22:14:40 -04:00
Nick Mathewson
033c27ac5e Add a couple of notes to doc/HACKING based on 0.2.2.25-alpha process 2011-05-02 16:55:50 -04:00
Roger Dingledine
93b0183d3c add another heuristic for changes stanzas 2011-04-29 01:35:21 -04:00
Nick Mathewson
676190e895 Update hacking file with terse notes on formatting changelog 2011-04-28 23:44:48 -04:00
Nick Mathewson
cd42ae7185 Only authorities should automatically download v2 networkstatus documents
Clients and relays haven't used them since early 0.2.0.x.  The only
remaining use by authorities learning about new relays ahead of scedule;
see proposal 147 for what we intend to do about that.

We're leaving in an option (FetchV2Networkstatus) to manually fetch v2
networkstatuses, because apparently dnsel and maybe bwauth want them.

This fixes bug 3022.
2011-04-28 21:06:07 -04:00
Roger Dingledine
0f48e8fa9a minor tweaks to manpage 2011-04-27 14:04:50 -04:00
Nick Mathewson
2ac768e89f Revise the manpage to contain the actual intended *Nodes behavior
This is a squashed version of my former desired_nodes_behavior branch
that we used to specify the intended results wrt bug 1090.
2011-04-27 13:39:22 -04:00
Nick Mathewson
48c4d53281 Add a step to the release process: tell trac about the version. 2011-03-10 16:10:53 -05:00
Roger Dingledine
dbd4a01756 steps roger takes when making a new release 2011-03-08 16:06:32 -05:00
Roger Dingledine
9c72324ae8 update spec locations 2011-03-08 15:31:04 -05:00
Roger Dingledine
95edd51116 make nickm's proposed convention from 2003 be gospel 2011-03-08 14:59:30 -05:00
Robert Ransom
88e0de9ebb Fix typo in man page 2011-03-03 10:41:39 -08:00
Nick Mathewson
530e87ce31 Add some dollar signs in an attempt to appease older asciidocs
We should really require a modern asiidoc: backporting stuff to 8.2 is
a timesink.
2011-02-22 18:24:33 -05:00
Roger Dingledine
4f730e4f3f Merge branch 'maint-0.2.1' into maint-0.2.2 2011-02-22 14:44:09 -05:00
Roger Dingledine
0ab62a4dc5 prefer https urls 2011-02-22 14:39:09 -05:00
Nick Mathewson
9d5873cdae Merge branch 'log_domains' into maint-0.2.2 2011-02-22 13:01:02 -05:00
Nick Mathewson
d673479eba Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	doc/Makefile.am
	doc/spec/Makefile.am
	doc/spec/address-spec.txt
	doc/spec/bridges-spec.txt
	doc/spec/control-spec-v0.txt
	doc/spec/control-spec.txt
	doc/spec/dir-spec-v1.txt
	doc/spec/dir-spec-v2.txt
	doc/spec/dir-spec.txt
	doc/spec/path-spec.txt
	doc/spec/proposals/000-index.txt
	doc/spec/proposals/001-process.txt
	doc/spec/proposals/098-todo.txt
	doc/spec/proposals/099-misc.txt
	doc/spec/proposals/100-tor-spec-udp.txt
	doc/spec/proposals/101-dir-voting.txt
	doc/spec/proposals/102-drop-opt.txt
	doc/spec/proposals/103-multilevel-keys.txt
	doc/spec/proposals/104-short-descriptors.txt
	doc/spec/proposals/105-handshake-revision.txt
	doc/spec/proposals/106-less-tls-constraint.txt
	doc/spec/proposals/107-uptime-sanity-checking.txt
	doc/spec/proposals/108-mtbf-based-stability.txt
	doc/spec/proposals/109-no-sharing-ips.txt
	doc/spec/proposals/110-avoid-infinite-circuits.txt
	doc/spec/proposals/111-local-traffic-priority.txt
	doc/spec/proposals/112-bring-back-pathlencoinweight.txt
	doc/spec/proposals/113-fast-authority-interface.txt
	doc/spec/proposals/114-distributed-storage.txt
	doc/spec/proposals/115-two-hop-paths.txt
	doc/spec/proposals/116-two-hop-paths-from-guard.txt
	doc/spec/proposals/117-ipv6-exits.txt
	doc/spec/proposals/118-multiple-orports.txt
	doc/spec/proposals/119-controlport-auth.txt
	doc/spec/proposals/120-shutdown-descriptors.txt
	doc/spec/proposals/121-hidden-service-authentication.txt
	doc/spec/proposals/122-unnamed-flag.txt
	doc/spec/proposals/123-autonaming.txt
	doc/spec/proposals/124-tls-certificates.txt
	doc/spec/proposals/125-bridges.txt
	doc/spec/proposals/126-geoip-reporting.txt
	doc/spec/proposals/127-dirport-mirrors-downloads.txt
	doc/spec/proposals/128-bridge-families.txt
	doc/spec/proposals/129-reject-plaintext-ports.txt
	doc/spec/proposals/130-v2-conn-protocol.txt
	doc/spec/proposals/131-verify-tor-usage.txt
	doc/spec/proposals/132-browser-check-tor-service.txt
	doc/spec/proposals/134-robust-voting.txt
	doc/spec/proposals/135-private-tor-networks.txt
	doc/spec/proposals/137-bootstrap-phases.txt
	doc/spec/proposals/138-remove-down-routers-from-consensus.txt
	doc/spec/proposals/140-consensus-diffs.txt
	doc/spec/proposals/141-jit-sd-downloads.txt
	doc/spec/proposals/142-combine-intro-and-rend-points.txt
	doc/spec/proposals/143-distributed-storage-improvements.txt
	doc/spec/proposals/145-newguard-flag.txt
	doc/spec/proposals/146-long-term-stability.txt
	doc/spec/proposals/147-prevoting-opinions.txt
	doc/spec/proposals/148-uniform-client-end-reason.txt
	doc/spec/proposals/149-using-netinfo-data.txt
	doc/spec/proposals/150-exclude-exit-nodes.txt
	doc/spec/proposals/151-path-selection-improvements.txt
	doc/spec/proposals/152-single-hop-circuits.txt
	doc/spec/proposals/153-automatic-software-update-protocol.txt
	doc/spec/proposals/154-automatic-updates.txt
	doc/spec/proposals/155-four-hidden-service-improvements.txt
	doc/spec/proposals/156-tracking-blocked-ports.txt
	doc/spec/proposals/157-specific-cert-download.txt
	doc/spec/proposals/158-microdescriptors.txt
	doc/spec/proposals/159-exit-scanning.txt
	doc/spec/proposals/ideas/xxx-hide-platform.txt
	doc/spec/proposals/ideas/xxx-port-knocking.txt
	doc/spec/proposals/ideas/xxx-separate-streams-by-port.txt
	doc/spec/proposals/ideas/xxx-what-uses-sha1.txt
	doc/spec/proposals/reindex.py
	doc/spec/rend-spec.txt
	doc/spec/socks-extensions.txt
	doc/spec/tor-spec.txt
	doc/spec/version-spec.txt
2011-02-21 16:09:23 -05:00
Nick Mathewson
7bdb7d4811 Remove specs from 0.2.1 branch: they have moved to a new repository. 2011-02-21 16:02:16 -05:00
Nick Mathewson
d37660d3f3 Merge remote-tracking branch 'rransom/bug2089' into maint-0.2.2 2011-02-10 16:01:19 -05:00
Robert Ransom
6f07363e72 Document what descriptors HSAuthoritativeDir serves
Fixes bug 2089.
2011-02-10 11:06:05 -08:00
Robert Ransom
20d493308a Update documentation for PublishServerDescriptor (0.2.2.x) 2011-02-09 03:20:43 -08:00
Robert Ransom
5fc6967956 Update documentation for PublishServerDescriptor 2011-02-09 02:33:24 -08:00
Nick Mathewson
fcf3eb03bd typo in manpage fix 2011-02-07 12:51:20 -05:00
Nick Mathewson
98cef0ac1e Merge branch 'bug2279' into maint-0.2.2 2011-02-07 12:43:54 -05:00
Nick Mathewson
e854e01d57 Some cleanups to bug2279 messages/docs from rransom 2011-02-07 12:40:43 -05:00
Nick Mathewson
e9803aa710 Merge branch 'bug2203_rebased' into maint-0.2.2 2011-02-04 12:22:18 -05:00
Sebastian Hahn
f2bb7b17d7 Remove country codes from EntryNodes manpage entry 2011-01-28 14:19:28 +01:00
Nick Mathewson
30111a3a01 add documentation for ClientRejectInternalAddresses 2011-01-26 12:08:52 -05:00
Nick Mathewson
1dd98891d7 Explain soft shutdown mode a little better in the accountingmax documentation 2011-01-26 11:45:37 -05:00
Nick Mathewson
5774ada5d2 Fix typo in dir-spec.txt [found by sebastian] 2011-01-26 11:41:33 -05:00
Nick Mathewson
411ec3c0f8 Add client code to detect attempts to connect to 127.0.0.1 etc
We detect and reject said attempts if there is no chosen exit node or
circuit: connecting to a private addr via a randomly chosen exit node
will usually fail (if all exits reject private addresses), is always
ill-defined (you're not asking for any particular host or service),
and usually an error (you've configured all requests to go over Tor
when you really wanted to configure all _remote_ requests to go over
Tor).

This can also help detect forwarding loop requests.

Found as part of bug2279.
2011-01-25 20:39:44 -05:00
Nick Mathewson
ffc3caf8d5 Describe consensus method 11 in dir-spec.txt 2011-01-25 17:49:50 -05:00
Nick Mathewson
89ee779f92 Add a torrc option to report log domains 2011-01-25 15:53:15 -05:00
Nick Mathewson
e261a1a3e6 Simplify syntax for negated log domains
Previously if you wanted to say "All messages except network
messages", you needed to say "[*,~net]" and if you said "[~net]" by
mistake, you would get no messages at all.  Now, if you say "[~net]",
you get everything except networking messages.
2011-01-25 15:03:36 -05:00
Nick Mathewson
23f8bedddb Add manpage entry for logging domains
Fixes issue 2215.
2011-01-25 15:02:36 -05:00
Sebastian Hahn
a1860cc3f1 Update the spec with the new bounds 2011-01-15 19:50:06 +01:00
Sebastian Hahn
932e5c3cf0 Fix a typo spotted by Roger 2011-01-15 19:42:17 +01:00
Sebastian Hahn
026e7987ad Sanity-check consensus param values
We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.

One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.

This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
2011-01-15 19:42:17 +01:00
Nick Mathewson
732275bb81 Describe tor-resolve defaults. Bug 2364. 2011-01-09 15:40:40 -05:00