Opened 5 years ago

Closed 4 years ago

Last modified 4 years ago

#15259 closed enhancement (implemented)

Connection resolution despite DisableDebuggerAttachment

Reported by: atagar Owned by: atagar
Priority: High Milestone:
Component: Core Tor/Stem Version:
Severity: Normal Keywords: utils
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

As discussed on #3313 tor's DisableDebuggerAttachment feature messes with proc permissions. This causes collateral damage breaking the system commands we use for connection resolution. This isn't intentional, but as a result we can't provide connection information for tor by default.

Jake pointed out that we might be able to work around this with a little work. This could provide a lot of value (this is the biggest point of confusion for arm users), so we should look into it at some point.

Child Tickets

Change History (3)

comment:1 Changed 4 years ago by atagar

Resolution: implemented
Severity: Normal
Status: newclosed

This is now a thing! By correlating consensus information with connection results we can sidestep DisableDebuggerAttachment to provide working connection resolution. Nyx now does exactly that...

https://gitweb.torproject.org/nyx.git/commit/?id=53fbe024898e96d9564ba982448f5c048acd0be0

comment:2 Changed 4 years ago by cypherpunks

Inference? You are GUESSING! And you'll be wrong.

comment:3 Changed 4 years ago by atagar

That seemed like the best name. If you have another in mind then fine.

It's filtering connections based on them being to our ORPort/DirPort/ControlPort or other tor relays. Are the results wrong? Possible, but unlikely. If you run multiple tor processes then they'll be muddied but outside of that I have a tough time thinking of scenarios where it's wrong.

Anywho, this is the best workaround I could think of. If it bugs you simply disable DisableDebuggerAttachment and you'll have a stronger guarantee.

Note: See TracTickets for help on using tickets.