Opened 4 years ago

Closed 3 years ago

#19081 closed enhancement (not a bug)

tor exits when reload fails

Reported by: cypherpunks
Owned by:
Priority: Medium
Milestone:
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Hello,

I'm using Tor to access my servers over ssh and hidden services.

So, now, I made a change in /etc/torrc (it seems I made a mistake or something), reloaded tor, then completely lost any connectivity.

It would be nice if tor didn't exit when "just" reloading.

Tor should just say (in the logs) "something went wrong, check the config", but tor should *not* exit.

Sorry, I'm somehow mad. I know the fault is on me, I should have double (triple) checked the changes I made. But you're the devs, I'm the user. So here I am yelling at you ;-)

Thanks.

Change History (6)

comment:1 Changed 4 years ago by cypherpunks

Summary: changed from "tor exists when reload fails" to "tor exits when reload fails"

comment:2 Changed 4 years ago by cypherpunks

Component: changed from "- Select a component" to "Core Tor/Tor"
Priority: changed from High to Medium

comment:3 Changed 4 years ago by cypherpunks

update: it was because DNSPort couldn't bind to 127.0.0.1:53

Sorry about the ticket content. I'd edit it to make it less aggressive, but it seems the body can't be updated.

comment:4 Changed 4 years ago by nickm

We've thought about this a few times, and so far we've only found two ways to handle errors on reload:

  • If we exit on reload when the configuration has an error, then people complain that we exit. (This is the current situation.)
  • If we don't exit on reload when the configuration has an error, then people complain that they didn't realize there was an error in their configuration, and they have no idea why their configuration changes aren't working.

We do support incremental reversible changes via the controller interface; maybe something like nyx would be right for you?

comment:5 Changed 4 years ago by cypherpunks

Hi nickm, thanks for your reply!

I didn't try nyx yet. It seems to be some kind of tor-arm successor? I'll sure find this useful :)

But (there's always a "but" :p), in this particular case, using nyx probably wouldn't be helpful because it wasn't a config error, no typo was made, it's just that the server was already running a DNS server on the specified port, which caused Tor to exit, and kicked me out.

About the "two ways", I understand your feelings, but in both cases, checking the logs (which is the first thing to do) would allow one to "know why" it isn't working.

Having to check the logs or being kicked out, I don't know which case is the less practical ;p

comment:6 Changed 3 years ago by cypherpunks

Resolution: not a bug
Status: changed from new to closed

So in short:

If tor is the only way to ssh to your server and you modify tor config, make a mistake, reload tor, you get kicked off.

If you don't have any KVM access, then what? You just lost the only way to access your server.

Sure it's the way to go, let's close this issue as it's a fucking security feature.
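
The failure described in comment:3 and comment:5, where a reload added a DNSPort on an address another DNS server already held, can be caught before the reload signal is sent. The sketch below is an added example, not code from the ticket or from Tor: it compares the running torrc with the candidate and tries to bind each listener the change adds. The function names, the option subset (IPv4 only) and the sample torrc text are assumptions.

```python
import socket

# Transport tor binds for each option (DNSPort is UDP); assumed subset,
# all of which default to 127.0.0.1 when no address is given.
LISTENERS = {"dnsport": socket.SOCK_DGRAM, "socksport": socket.SOCK_STREAM,
             "transport": socket.SOCK_STREAM, "controlport": socket.SOCK_STREAM}

def parse_listeners(torrc_text):
    """Return {(option, addr, port)} for IPv4 listener lines in a torrc."""
    found = set()
    for line in torrc_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0].lower() not in LISTENERS:
            continue
        addr, _, port = fields[1].rpartition(":")
        # Skip "auto", unix: sockets, IPv6 literals and port 0 (disabled).
        if not port.isdigit() or int(port) == 0 or addr.startswith("["):
            continue
        found.add((fields[0].lower(), addr or "127.0.0.1", int(port)))
    return found

def can_bind(kind, addr, port):
    """Attempt the bind tor would make; run with tor's bind privileges."""
    with socket.socket(socket.AF_INET, kind) as s:
        if kind == socket.SOCK_STREAM:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((addr, port))
            return True
        except OSError:
            return False

def blocked_new_listeners(running_torrc, candidate_torrc):
    """Listeners the candidate adds that cannot be bound right now."""
    added = parse_listeners(candidate_torrc) - parse_listeners(running_torrc)
    return sorted(l for l in added if not can_bind(LISTENERS[l[0]], l[1], l[2]))

if __name__ == "__main__":
    # Constructed sample: the change adds the DNSPort from comment:3.
    running = "SocksPort 9050\n"
    candidate = running + "DNSPort 127.0.0.1:53\n"
    blocked = blocked_new_listeners(running, candidate)
    for option, addr, port in blocked:
        print(f"do not reload: {option} cannot bind {addr}:{port}")
    if not blocked:
        print("new listeners are free; reload can proceed")
```

A bind that succeeds here can still fail at reload time if another process takes the port in between, so the check narrows the window rather than closing it.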
