Opened 4 years ago

Last modified 21 months ago

#16894 new task

Check all logging output is appropriately escaped / escaped_safe_str_client

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Normal Keywords: security, logging, lorax, intro
Cc: Actual Points:
Parent ID: Points: 10
Reviewer: Sponsor:

Description

Security bugs like #16891 show up every so often, where sensitive input is logged, rather than being obscured. Similarly, client input is sometimes logged unsanitised (I fixed one of these in the directory request logging code about 9-12 months ago.)

It would be great if someone could review all the strings that are logged by Tor, and categorise them into:

  • static or calculated internally: trusted, log as-is
  • externally provided: unsanitised, use escaped()
  • sensitive client information: use escaped_safe_str_client()

Do we want this in 0.2.7, or should we leave it until 0.2.8?

Child Tickets

Change History (7)

comment:1 Changed 4 years ago by teor

Keywords: lorax added

comment:2 Changed 4 years ago by nickm

Milestone: Tor: 0.2.7.x-finalTor: 0.2.???

I think this is 0.2.8 or later, though fixing any particular instances can be done sooner.

comment:3 Changed 3 years ago by nickm

Keywords: TorCoreTeam201509 removed

Removing TorCoreTeam201509 from these tickets, since we do not own a time machine.

comment:4 Changed 2 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:5 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:6 Changed 22 months ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:7 Changed 21 months ago by nickm

Keywords: intro added
Points: 10
Severity: Normal
Note: See TracTickets for help on using tickets.