Re: [tor-bugs] #22688 [Core Tor/Tor]: Make sure HSDir3s never know service, client, or bridge IP addresses

2018-02-26 Thread Tor Bug Tracker & Wiki
#22688: Make sure HSDir3s never know service, client, or bridge IP addresses
-----------------------------------------------+------------------------------------
 Reporter:  teor                               |          Owner:  teor
     Type:  defect                             |         Status:  needs_review
 Priority:  Medium                             |      Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor                       |        Version:
 Severity:  Normal                             |     Resolution:
 Keywords:  prop224, relay-safety,             |  Actual Points:  0.3
  031-backport, maybe-030-backport-with-21406  |
Parent ID:  #17945                             |         Points:  0.3
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------------------
Changes (by teor):

 * status:  needs_revision => needs_review
 * version:  Tor: unspecified =>


Comment:

 Latest code in #17945.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22688 [Core Tor/Tor]: Make sure HSDir3s never know service, client, or bridge IP addresses

2017-08-24 Thread Tor Bug Tracker & Wiki
#22688: Make sure HSDir3s never know service, client, or bridge IP addresses
-----------------------------------------------+------------------------------------
 Reporter:  teor                               |          Owner:  teor
     Type:  defect                             |         Status:  needs_revision
 Priority:  Medium                             |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor                       |        Version:  Tor: unspecified
 Severity:  Normal                             |     Resolution:
 Keywords:  prop224, relay-safety,             |  Actual Points:  0.3
  031-backport, maybe-030-backport-with-21406  |
Parent ID:  #17945                             |         Points:  0.3
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------------------
Changes (by dgoulet):

 * milestone:  Tor: 0.3.1.x-final => Tor: 0.3.2.x-final


Comment:

 031 release approaches rapidly, moving this to 032. I think it's not
 critical to have in 031 but nice to have!

 @teor, re-assign if you think otherwise.


Re: [tor-bugs] #22688 [Core Tor/Tor]: Make sure HSDir3s never know service, client, or bridge IP addresses

2017-07-09 Thread Tor Bug Tracker & Wiki
#22688: Make sure HSDir3s never know service, client, or bridge IP addresses
-----------------------------------------------+------------------------------------
 Reporter:  teor                               |          Owner:  teor
     Type:  defect                             |         Status:  needs_revision
 Priority:  Medium                             |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor                       |        Version:  Tor: unspecified
 Severity:  Normal                             |     Resolution:
 Keywords:  prop224, relay-safety,             |  Actual Points:  0.3
  031-backport, maybe-030-backport-with-21406  |
Parent ID:  #17945                             |         Points:  0.3
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------------------
Changes (by teor):

 * status:  assigned => needs_revision



Re: [tor-bugs] #22688 [Core Tor/Tor]: Make sure HSDir3s never know service, client, or bridge IP addresses

2017-07-09 Thread Tor Bug Tracker & Wiki
#22688: Make sure HSDir3s never know service, client, or bridge IP addresses
-----------------------------------------------+------------------------------------
 Reporter:  teor                               |          Owner:  teor
     Type:  defect                             |         Status:  assigned
 Priority:  Medium                             |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor                       |        Version:  Tor: unspecified
 Severity:  Normal                             |     Resolution:
 Keywords:  prop224, relay-safety,             |  Actual Points:  0.3
  031-backport, maybe-030-backport-with-21406  |
Parent ID:  #17945                             |         Points:  0.3
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------------------
Changes (by teor):

 * owner:   => teor
 * status:  needs_revision => assigned



Re: [tor-bugs] #22688 [Core Tor/Tor]: Make sure HSDir3s never know service, client, or bridge IP addresses

2017-06-22 Thread Tor Bug Tracker & Wiki
#22688: Make sure HSDir3s never know service, client, or bridge IP addresses
-----------------------------------------------+------------------------------------
 Reporter:  teor                               |          Owner:
     Type:  defect                             |         Status:  needs_revision
 Priority:  Medium                             |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor                       |        Version:  Tor: unspecified
 Severity:  Normal                             |     Resolution:
 Keywords:  prop224, relay-safety,             |  Actual Points:  0.3
  031-backport, maybe-030-backport-with-21406  |
Parent ID:  #17945                             |         Points:  0.3
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------------------

Comment (by teor):

 See #21406 for the recent changes to channel_is_client().


Re: [tor-bugs] #22688 [Core Tor/Tor]: Make sure HSDir3s never know service, client, or bridge IP addresses

2017-06-22 Thread Tor Bug Tracker & Wiki
#22688: Make sure HSDir3s never know service, client, or bridge IP addresses
-----------------------------------------------+------------------------------------
 Reporter:  teor                               |          Owner:
     Type:  defect                             |         Status:  needs_revision
 Priority:  Medium                             |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor                       |        Version:  Tor: unspecified
 Severity:  Normal                             |     Resolution:
 Keywords:  prop224, relay-safety,             |  Actual Points:  0.3
  031-backport, maybe-030-backport-with-21406  |
Parent ID:  #17945                             |         Points:  0.3
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------------------

Comment (by teor):

 Replying to [comment:5 dgoulet]:
 > Some comments:
 >
 > * We should break this assert() in two different ones else if triggered,
 > we won't know which condition triggered it:
 >
 > {{{
 > +  /* A clever compiler might complain this is always true */
 > +  tor_assert(TO_CONN(conn) && TO_CONN(conn)->linked);
 > }}}

 Agreed.

 > * How do we know that this is a `one-hop` circuit with this condition?
 >
 > {{{
 > +  /* Well, we won't be sending anything back on that, will we?
 > +   * (Avoid giving the wrong answer because state has been reset.) */
 > +  if (TO_CONN(conn)->linked_conn_is_closed ||
 > +  !l_conn || l_conn->marked_for_close) {
 > +log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 > +   "Refusing %s one-hop encrypted directory connection.",
 > +   TO_CONN(conn)->linked_conn_is_closed ? "closed linked" :
 > +   !l_conn ? "NULL linked" : "marked for closed linked");
 > +return 0;
 > +  }
 > }}}
 >
 >  Same goes with these conditions later:
 >
 > {{{
 > +  if (BUG(!exitconn) || !exitconn->on_circuit) {
 > [...]
 > +  if (BUG(!orcirc) || !orcirc->p_chan) {
 > }}}

 We don't.

 > * Would using `CIRCUIT_IS_ORCIRC()` be more appropriate here?
 >
 > {{{
 > +  /* We should always be using an OR circuit */
 > +  if (BUG(exitconn->on_circuit->purpose != CIRCUIT_PURPOSE_OR)) {
 > +return 0;
 > +  }
 > }}}

 Agreed: I couldn't find it when I was writing the patch.

 > * I'm unclear on where this is checked? Maybe it's done through some
 > indirect checks that I haven't spotted but is there a way you can know
 > that with an `or_circuit_t` ?
 >
 > {{{
 > + * For client circuits via relays, this is true for 2-hop or greater
 paths,
 > + * for client circuits via bridges, this is true for 3-hop or greater
 paths.
 > }}}

 This is checked at the end of the function using
 `!channel_is_client(p_chan)`.

 `channel_is_client()` is true if the channel is connected to a
 non-authenticated peer (something without a fingerprint). This can either be a
 client or a bridge.

 So to pass the `!channel_is_client(p_chan)` check:
 * a client can't connect directly, so a client has to have a 2-hop path
 through a relay,
 * a bridge can't connect directly, so a client has to have a 3-hop path
 through a bridge.

 Does that make sense?

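The hop-count argument in the reply above, as a small C model. This is an added example, not Tor source or code from the ticket; `node_kind_t` and the `model_*` functions are hypothetical names, and the model assumes only what the reply states about `channel_is_client()`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model of the reasoning in the reply; none of this is Tor source. */
typedef enum { NODE_CLIENT, NODE_BRIDGE, NODE_RELAY } node_kind_t;

/* Stand-in for channel_is_client() as the thread describes it: true when the
 * peer on the channel is unauthenticated, i.e. a client or a bridge. */
static bool model_channel_is_client(node_kind_t peer)
{
  return peer == NODE_CLIENT || peer == NODE_BRIDGE;
}

/* path[0] is the originator, path[n-1] the node whose channel reaches the
 * HSDir (the p_chan side). The HSDir can judge only that last node. */
bool model_hsdir_accepts(const node_kind_t *path, size_t n)
{
  if (path == NULL || n == 0)
    return false; /* nothing to judge: fail closed */
  return !model_channel_is_client(path[n - 1]);
}

/* Smallest hop count (the HSDir is the final hop) at which a client is
 * accepted when its first hop is a bridge or a relay; 0 if none passes. */
size_t model_min_accepted_hops(bool via_bridge, size_t max_hops)
{
  node_kind_t path[16];
  if (max_hops > 16)
    max_hops = 16;
  for (size_t hops = 1; hops <= max_hops; hops++) {
    /* hops == 1 is a direct connection: only the client precedes the HSDir */
    path[0] = NODE_CLIENT;
    for (size_t i = 1; i < hops; i++)
      path[i] = (i == 1 && via_bridge) ? NODE_BRIDGE : NODE_RELAY;
    if (model_hsdir_accepts(path, hops))
      return hops;
  }
  return 0;
}

int main(void)
{
  printf("first hop relay:  accepted from %zu hops\n", model_min_accepted_hops(false, 8));
  printf("first hop bridge: accepted from %zu hops\n", model_min_accepted_hops(true, 8));
  return 0;
}
```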

Re: [tor-bugs] #22688 [Core Tor/Tor]: Make sure HSDir3s never know service, client, or bridge IP addresses

2017-06-22 Thread Tor Bug Tracker & Wiki
#22688: Make sure HSDir3s never know service, client, or bridge IP addresses
-----------------------------------------------+------------------------------------
 Reporter:  teor                               |          Owner:
     Type:  defect                             |         Status:  needs_revision
 Priority:  Medium                             |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor                       |        Version:  Tor: unspecified
 Severity:  Normal                             |     Resolution:
 Keywords:  prop224, relay-safety,             |  Actual Points:  0.3
  031-backport, maybe-030-backport-with-21406  |
Parent ID:  #17945                             |         Points:  0.3
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------------------
Changes (by dgoulet):

 * status:  needs_review => needs_revision


Comment:

 Some comments:

 * We should break this assert() in two different ones else if triggered,
 we won't know which condition triggered it:

 {{{
 +  /* A clever compiler might complain this is always true */
 +  tor_assert(TO_CONN(conn) && TO_CONN(conn)->linked);
 }}}
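
 Review bot: the single tor_assert() joins a pointer check and a flag check, and the comment above it does not say which operand it expects to be always true. Split it into tor_assert(TO_CONN(conn)) and tor_assert(TO_CONN(conn)->linked), and move the "clever compiler" comment next to the operand it describes, so a failure names the condition that broke.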

 * How do we know that this is a `one-hop` circuit with this condition?

 {{{
 +  /* Well, we won't be sending anything back on that, will we?
 +   * (Avoid giving the wrong answer because state has been reset.) */
 +  if (TO_CONN(conn)->linked_conn_is_closed ||
 +  !l_conn || l_conn->marked_for_close) {
 +log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 +   "Refusing %s one-hop encrypted directory connection.",
 +   TO_CONN(conn)->linked_conn_is_closed ? "closed linked" :
 +   !l_conn ? "NULL linked" : "marked for closed linked");
 +return 0;
 +  }
 }}}
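
 Review bot: the warning text says "one-hop", but the condition on these lines only tests the state of the linked connection (closed, NULL, or marked for close), and nothing here establishes a hop count. Reword the message so it describes what was actually checked, and fix "marked for closed linked", which reads as a typo for "marked-for-close linked".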

  Same goes with these conditions later:

 {{{
 +  if (BUG(!exitconn) || !exitconn->on_circuit) {
 [...]
 +  if (BUG(!orcirc) || !orcirc->p_chan) {
 }}}
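
 Review bot: in both conditions BUG() wraps only the first operand, so a NULL exitconn->on_circuit or a NULL orcirc->p_chan takes the same branch without the BUG() warning. If those states are expected at runtime, say so in a comment; if they are not, wrap them too so the refusal leaves a trace.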

 * Would using `CIRCUIT_IS_ORCIRC()` be more appropriate here?

 {{{
 +  /* We should always be using an OR circuit */
 +  if (BUG(exitconn->on_circuit->purpose != CIRCUIT_PURPOSE_OR)) {
 +return 0;
 +  }
 }}}
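
 Review bot: the comparison against CIRCUIT_PURPOSE_OR tests what the circuit is used for, not which struct it is, while the orcirc checks in the previous hunk depend on it being an or_circuit_t. Use CIRCUIT_IS_ORCIRC(exitconn->on_circuit) so the guard matches that use, and keep the return 0, which is the same value the earlier "Refusing" path returns, so a failed check still refuses the request.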

 * I'm unclear on where this is checked? Maybe it's done through some
 indirect checks that I haven't spotted but is there a way you can know
 that with an `or_circuit_t` ?

 {{{
 + * For client circuits via relays, this is true for 2-hop or greater
 paths,
 + * for client circuits via bridges, this is true for 3-hop or greater
 paths.
 }}}
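
 Review bot: this doc comment states hop counts, but nothing in the visible hunks counts hops, so a reader cannot tell where the property is enforced. Document the mechanism instead: per the reply in this thread it is the !channel_is_client(p_chan) check at the end of the function, and the 2-hop and 3-hop figures should be given as a consequence of that check.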


Re: [tor-bugs] #22688 [Core Tor/Tor]: Make sure HSDir3s never know service, client, or bridge IP addresses

2017-06-21 Thread Tor Bug Tracker & Wiki
#22688: Make sure HSDir3s never know service, client, or bridge IP addresses
-----------------------------------------------+------------------------------------
 Reporter:  teor                               |          Owner:
     Type:  defect                             |         Status:  needs_review
 Priority:  Medium                             |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor                       |        Version:  Tor: unspecified
 Severity:  Normal                             |     Resolution:
 Keywords:  prop224, relay-safety,             |  Actual Points:  0.3
  031-backport, maybe-030-backport-with-21406  |
Parent ID:  #17945                             |         Points:  0.3
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------------------

Comment (by teor):

 Replying to [comment:3 teor]:
 > Do we want to do this for HSv2 service descriptor uploads as well?
 >
 > (We can't do it for HSv2 client descriptor downloads, because tor2web
 > does them directly.)

 Yolo, let's do the service descriptor post fix for HSv2 as well.
 See the latest commits in bug22688-031: there was a bug in the original
 code which I fixuped.

 I tested this for v2 hidden services and single onion services (make
 test-network-all) and they all worked. Someone should probably test it with a
 HS with a bridge. (We don't have that set up in chutney yet.)


Re: [tor-bugs] #22688 [Core Tor/Tor]: Make sure HSDir3s never know service, client, or bridge IP addresses

2017-06-21 Thread Tor Bug Tracker & Wiki
#22688: Make sure HSDir3s never know service, client, or bridge IP addresses
-----------------------------------------------+------------------------------------
 Reporter:  teor                               |          Owner:
     Type:  defect                             |         Status:  needs_review
 Priority:  Medium                             |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor                       |        Version:  Tor: unspecified
 Severity:  Normal                             |     Resolution:
 Keywords:  prop224, relay-safety,             |  Actual Points:  0.3
  031-backport, maybe-030-backport-with-21406  |
Parent ID:  #17945                             |         Points:  0.3
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------------------

Comment (by teor):

 Do we want to do this for HSv2 service descriptor uploads as well?

 (We can't do it for HSv2 client descriptor downloads, because tor2web does
 them directly.)


Re: [tor-bugs] #22688 [Core Tor/Tor]: Make sure HSDir3s never know service, client, or bridge IP addresses

2017-06-21 Thread Tor Bug Tracker & Wiki
#22688: Make sure HSDir3s never know service, client, or bridge IP addresses
-----------------------------------------------+------------------------------------
 Reporter:  teor                               |          Owner:
     Type:  defect                             |         Status:  needs_review
 Priority:  Medium                             |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor                       |        Version:  Tor: unspecified
 Severity:  Normal                             |     Resolution:
 Keywords:  prop224, relay-safety,             |  Actual Points:  0.3
  031-backport, maybe-030-backport-with-21406  |
Parent ID:  #17945                             |         Points:  0.3
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------------------
Changes (by teor):

 * parent:   => #17945



Re: [tor-bugs] #22688 [Core Tor/Tor]: Make sure HSDir3s never know service, client, or bridge IP addresses (was: HSDir3s should refuse direct client descriptor uploads and downloads, even if encrypted

2017-06-21 Thread Tor Bug Tracker & Wiki
#22688: Make sure HSDir3s never know service, client, or bridge IP addresses
-----------------------------------------------+------------------------------------
 Reporter:  teor                               |          Owner:
     Type:  defect                             |         Status:  needs_review
 Priority:  Medium                             |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor                       |        Version:  Tor: unspecified
 Severity:  Normal                             |     Resolution:
 Keywords:  prop224, relay-safety,             |  Actual Points:  0.3
  031-backport, maybe-030-backport-with-21406  |
Parent ID:                                     |         Points:  0.3
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------------------
Changes (by teor):

 * status:  new => needs_review
 * keywords:  prop224, relay-safety, 031-backport, no-030-backport =>
 prop224, relay-safety, 031-backport, maybe-030-backport-with-21406
 * actualpoints:  0.2 => 0.3
 * points:  0.2 => 0.3


Comment:

 Please see my branch bug22688-031 on github.

 If we want to backport it to 0.3.0, we also need to backport the
 channel_is_client fix in #21406, which was merged in 0.3.1.1-alpha.

 This compiles, but I can't actually test this, so dgoulet or asn will need
 to check it against their working HSv3 service and client code.

 This breaks the direct descriptor downloads tor2web used to do in HSv2,
 see #20104. But we don't plan on tor2web in HSv3, so that's ok. (And if we
 do, this is something we should fix.)

 (This patch doesn't check if the circuit is from a relay, that check would
 be redundant.)
