Opened 9 years ago

Last modified 2 years ago

#1238 new defect (None)

Exit flag assigned can be assigned to nodes that don't really exit.

Reported by: Sebastian Owned by:
Priority: Low Milestone: Tor: unspecified
Component: Core Tor/Tor Version: 0.2.2.7-alpha
Severity: Normal Keywords: tor-dirauth exit-flag flags voting needs-design
Cc: Sebastian, dun, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by arma)

The router b0red is flagged as Exit, even though its Exit policy doesn't allow any exits.

Discovered by "dun" on #tor.

This is currently part of the consensus:

r b0red WCi6nB/t0u9ZtGBcrrWFgpXdjlg w+3Dl7l2fnUc0JhSMLchCL7RcjU 2010-02-02 00:21:48 80.190.250.90 443 80
s Exit Fast Guard HSDir Named Running Stable V2Dir Valid
v Tor 0.2.1.20
w Bandwidth=621
p reject 1-65535

descriptor:

@downloaded-at 2010-01-31 23:16:54
@source "194.109.206.212"
router b0red 80.190.250.90 443 0 80
platform Tor 0.2.1.20 on Linux i686
opt protocols Link 1 2 Circuit 1
published 2010-01-31 12:20:43
opt fingerprint 5828 BA9C 1FED D2EF 59B4 605C AEB5 8582 95DD 8E58
uptime 5097747
bandwidth 5242880 10485760 261098
opt extra-info-digest 535CE872B386F71E9DEA356B10E63E9D83789F57
onion-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAM2wCZqUMEgPDdEsVrW1XfHrvqmOT1KYDMupz7h+DA5b56VMPOIyOG57
hKGliyW5gE7B/Qtt5EtasScqAFM+kV9BVXWVshFEF4tu2kWdFS8E4XKVks0NbTUU
2H/l0W/H2KdMy1bUuWyd7s1ftcuodb04Na3U/DS0t26Ta1kADWLZAgMBAAE=
-----END RSA PUBLIC KEY-----
signing-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBANB7P5x+7SON1dd2RkuqjNZaPsSPKoGKIOuq1IwSNDJR8+Y7T7jijgWe
ZKzvieP82XK1eDxKTdXCJbWR1X+V5a5XExt8RNszeslK02bC+Q4wTUtlM7n3319Q
UQrLTp++dVLa0LuNvlbux39tqAqriyn0hWI2JVEbkrp32N4l28SFAgMBAAE=
-----END RSA PUBLIC KEY-----
opt hidden-service-dir
opt allow-single-hop-exits
contact xxoes <xxoes at b0red.de>
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 80.190.250.90:*
reject *:1-65534
reject *:65535
accept *:*
router-signature
-----BEGIN SIGNATURE-----
SVmtJeKcTUVyaZO8PfKtd0E1yQUR+TffgNo5AAgPOGLdjqmbIpFA2RqsfFqXK2Re
PQ34TxbgMKGxfZKDVXAfeQFVVQgFny8KqAlzDfytFUxOGvdcthHsfg/FJwbPneNU
eiNdn4E+ug8JjOcAKJ7EdfhmIKaWRXAg2NKZKWbNnRQ=
-----END SIGNATURE-----

Child Tickets

Change History (13)

comment:1 Changed 9 years ago by Sebastian

Our implementation of exit_policy_is_general_exit assumes that
exit_policy_remove_redundancies really removes all redundancies
(and was called on the exit policy before it was passed in),
which it doesn't in the case above. I think that is the wrong approach,
exit_policy_is_general_exit should be correct independent of the
possible redundancies.
I wrote a simple testcase to show the problem, will work on a fix
later if no-one beats me to it ;)

comment:2 Changed 9 years ago by nickm

Nice one. Feel free to fix.

comment:3 Changed 9 years ago by Sebastian

Branch bug1238 in my public repo (for those without git,
http://gitweb.torproject.org//sebastian/tor.git?a=shortlog;h=refs/heads/bug1238
)

comment:4 Changed 9 years ago by Sebastian

fixed in git

comment:5 Changed 9 years ago by Sebastian

Except it isn't really fixed.

accept 0.0.0.0/8:80
accept 0.0.0.0/8:443
reject *:*

will get an exit flag currently.

comment:6 Changed 9 years ago by nickm

Description: modified (diff)
Milestone: Tor: 0.2.3.x-final

comment:7 Changed 8 years ago by arma

Component: Tor RelayTor Directory Authority
Description: modified (diff)

comment:8 Changed 7 years ago by nickm

Milestone: Tor: 0.2.3.x-finalTor: unspecified

comment:9 Changed 7 years ago by nickm

Keywords: tor-auth added

comment:10 Changed 7 years ago by nickm

Component: Tor Directory AuthorityTor

comment:11 Changed 2 years ago by dgoulet

Cc: Sebastian,dun,nickmSebastian, dun, nickm
Keywords: tor-dirauth added; tor-auth removed

Turns out that tor-auth is for directory authority so make it clearer with tor-dirauth

comment:12 Changed 2 years ago by nickm

Keywords: exit-flag flags voting needs-design added
Severity: Normal
Summary: Exit flag assigned incorrectlyExit flag assigned can be assigned to nodes that don't really exit.

comment:13 Changed 2 years ago by nickm

Closed #11624 as duplicate of this.

Note: See TracTickets for help on using tickets.