Opened 8 months ago

Last modified 3 weeks ago

#22689 needs_revision defect

prop224: Stop rend and intro points being used as single hop proxies

Reported by: teor
Owned by: teor
Priority: Medium
Milestone: Tor: 0.3.4.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: prop224, relay-safety
Cc:
Actual Points:
Parent ID: #17945
Points: 0.5
Reviewer:
Sponsor:

Description (last modified by teor)

This prevents them knowing both the service and client IP addresses, and therefore being targets for network traffic logging, sybil, or hacking attacks.

We need to implement the following checks:

  • if the introduction point was made using a direct connection (single onion services), refuse direct client connections,
  • if the rend point was made using a direct connection (custom client, no tor2web for HSv3), refuse direct service connections (single onion services).

See #22688 for how this is done for HSDir3s using channel_is_client(). The comments in that patch explain why it works.

We could even refactor the common code out of connection_dir_is_anonymous() into connection_is_anonymous(), and avoid including channel[tls].h into directory.c.

I'm not sure if I will get time to do this, so please feel free to take this ticket.

Change History (8)

comment:1 Changed 8 months ago by teor

We can do this for HSv2 rend points when we implement this patch, because single onion services retry a 3-hop path on failure.

But we can't fix HSv2 intro points, because tor2web doesn't retry a 3-hop path (#19662).
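
A simplified model of the checks listed in the ticket description, with the HSv2 exception from comment:1, added here as an illustration; it is not code from the ticket, the referenced branch or Tor itself. All type and function names are hypothetical, and `prev_hop_is_client` is assumed to carry the result of a channel_is_client()-style check on the circuit's previous hop.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not Tor source code: all names below are hypothetical. */
typedef enum { HS_V2 = 2, HS_V3 = 3 } hs_version_t;
typedef enum { POINT_INTRO, POINT_REND } point_role_t;
typedef enum { JOIN_OK, JOIN_REFUSED_SINGLE_HOP, JOIN_BAD_ARGS } join_result_t;

typedef struct {
  /* Assumed to hold what a channel_is_client()-style check reports for the
   * circuit's previous hop: true means the peer connected to us directly. */
  bool prev_hop_is_client;
} circ_t;

typedef struct {
  hs_version_t version;
  point_role_t role;
  const circ_t *established_by; /* service circuit (intro), client circuit (rend) */
} hs_point_t;

/* Per the ticket thread: v2 intro points are left unenforced because tor2web
 * does not retry a 3-hop path; the other three combinations are enforced. */
static bool check_is_enforced(const hs_point_t *pt)
{
  return !(pt->version == HS_V2 && pt->role == POINT_INTRO);
}

/* May `joining` (client at an intro point, service at a rend point) use `pt`? */
join_result_t hs_point_check_join(const hs_point_t *pt, const circ_t *joining)
{
  if (!pt || !pt->established_by || !joining)
    return JOIN_BAD_ARGS;
  /* Refuse only when both ends are direct: the relay would then see both the
   * service and the client IP address and act as a single hop proxy. */
  if (check_is_enforced(pt) && pt->established_by->prev_hop_is_client &&
      joining->prev_hop_is_client)
    return JOIN_REFUSED_SINGLE_HOP;
  return JOIN_OK;
}

int main(void)
{
  const circ_t direct = { true }, multihop = { false }; /* constructed inputs */
  const hs_point_t v3_intro = { HS_V3, POINT_INTRO, &direct };
  const hs_point_t v2_intro = { HS_V2, POINT_INTRO, &direct };
  printf("v3 intro, direct client: %d\n", hs_point_check_join(&v3_intro, &direct));
  printf("v3 intro, 3-hop client:  %d\n", hs_point_check_join(&v3_intro, &multihop));
  printf("v2 intro, direct client: %d\n", hs_point_check_join(&v2_intro, &direct));
  return 0;
}
```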

comment:2 Changed 8 months ago by teor

Description: modified (diff)
Status: new → needs_revision

See cddff59c0 in my branch bug22688-031 for code that might work for OR circuits.
(I accidentally wrote the OR version rather than the directory version.)

comment:3 Changed 8 months ago by teor

Owner: set to teor
Status: needs_revision → assigned

comment:4 Changed 8 months ago by teor

Status: assigned → needs_revision

comment:5 Changed 6 months ago by dgoulet

Status: needs_revision → needs_review

Hrmm I think that should be in needs_review.

comment:6 Changed 6 months ago by teor

Status: needs_review → needs_revision

No, it really does need revision. And someone needs to actually *run* it.

comment:7 Changed 5 months ago by teor

Milestone: Tor: 0.3.2.x-final → Tor: 0.3.3.x-final

I'm not going to get time to do these in 0.3.2.
Moving them to 0.3.3.

comment:8 Changed 3 weeks ago by teor

Milestone: Tor: 0.3.3.x-final → Tor: 0.3.4.x-final

Moving most of my assigned tickets to 0.3.4