Opened 2 years ago

Last modified 20 months ago

#24269 new task

Raise a FATAL error if the user tried to combine v2 and prop224 hidden service in same directory

Reported by: cypherpunks
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-hs, prop224, 034-triage-20180328, 034-removed-20180328
Cc:
Actual Points:
Parent ID:
Points: 0.3
Reviewer:
Sponsor:

Description

A user is hosting a hidden service:

Hid /path/to/key/hs-www/
hidport 127.0.0.1:80 80

What will happen if he adds a "HidVersion V3" line to the middle of the config?

Hid /path/to/key/hs-www/
HidVersion V3
hidport 127.0.0.1:80 80

Tor should detect this misconfiguration and raise an error.
(v2 and v3 keys should not exist in same directory)

Should be:
==============================
Hid /path/to/key/hs-www/
hidport 127.0.0.1:80 80

Hid /path/to/key/hs-www-v3/
HidVersion V3
hidport 127.0.0.1:80 80
==============================

Change History (12)

comment:1 Changed 2 years ago by cypherpunks

Summary: "Raise a FATAL error if the user tried to combine v3 and v3 hidden service in same directory" → "Raise a FATAL error if the user tried to combine v2 and prop224 hidden service in same directory"

comment:2 Changed 2 years ago by asn

Keywords: tor-hs prop224 added
Milestone: Tor: 0.3.2.x-final
Points: 0.3

Hm, not sure what's the right behavior here, but given how frequent this behavior must be when upgrading from v2 -> v3 we should think about it. Marking this as 0.3.2 for now, but we can defer it.

comment:3 Changed 2 years ago by dgoulet

Resolution: not a bug
Status: new → closed

This is already handled. You can't have two hidden services in the same directory path. The configuration process makes sure of that and errors with:

Nov 14 07:51:16.145 [warn] Another hidden service is already configured for directory "DIR"

And tor stops. If you were able to make Tor load up with the same HS directory, please tell us how. Closing this for now.

comment:4 Changed 2 years ago by nickm

Resolution: not a bug
Status: closed → reopened

You can just specify the same directory in two different ways, I think:

HiddenServiceDir /path/abc
HiddenServicePort 80
HiddenServiceDir /path/abc/.
HiddenServicePort 80

Also, symlinks would let you do that.

comment:5 Changed 2 years ago by dgoulet

Oh we aren't sanitizing the input indeed. Do we have anything in tor to do that?

comment:6 Changed 2 years ago by nickm

I think it's less input sanitization, and more making sure that the directories aren't actually the same directory. (Consider the symlink case.)

comment:7 Changed 2 years ago by nickm

Status: reopened → new

comment:8 Changed 2 years ago by dgoulet

Milestone: Tor: 0.3.2.x-final → Tor: 0.3.3.x-final

Ok btw, we have this in hs_config.c:

  /* XXX: Validate if we have any service that has the given service dir path.
   * This has two problems:
   *
   * a) It's O(n^2), but the same comment from the bottom of
   *    rend_config_services() should apply.
   *
   * b) We only compare directory paths as strings, so we can't
   *    detect two distinct paths that specify the same directory
   *    (which can arise from symlinks, case-insensitivity, bind
   *    mounts, etc.).
   *
   * It also can't detect that two separate Tor instances are trying
   * to use the same HiddenServiceDir; for that, we would need a
   * lock file.  But this is enough to detect a simple mistake that
   * at least one person has actually made. */

So known issue but not that simple to fix.
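
Problem (b) in the hs_config.c comment above, as an added example that is not part of the ticket or of Tor's code: comparing the device and inode numbers that stat() reports, instead of the path strings, catches the `/path/abc/.` and symlink cases raised in comment 4. The helper name `same_directory` and the temporary paths are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not a Tor function). Returns 1 if a and b are the
 * same directory, 0 if they differ, -1 if either cannot be examined.
 * stat() follows symlinks, and (st_dev, st_ino) identifies the directory
 * itself, however the path is spelled. */
int same_directory(const char *a, const char *b)
{
  struct stat sa, sb;
  if (stat(a, &sa) != 0 || stat(b, &sb) != 0)
    return -1; /* e.g. a service directory that has not been created yet */
  if (!S_ISDIR(sa.st_mode) || !S_ISDIR(sb.st_mode))
    return -1;
  return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Constructed demo in a temp dir. Result bits: 0 = "dir/." matches dir,
 * 1 = symlink matches dir, 2 = second dir is distinct, 3 = missing is error. */
int demo(void)
{
  char base[] = "/tmp/hsdir-demo-XXXXXX";
  char a[64], dot[64], lnk[64], other[64], gone[64];
  int r = 0;
  if (!mkdtemp(base))
    return -1;
  snprintf(a, sizeof a, "%s/abc", base);
  snprintf(dot, sizeof dot, "%s/abc/.", base);
  snprintf(lnk, sizeof lnk, "%s/abc-link", base);
  snprintf(other, sizeof other, "%s/abc-v3", base);
  snprintf(gone, sizeof gone, "%s/absent", base);
  if (mkdir(a, 0700) || mkdir(other, 0700) || symlink(a, lnk))
    return -1;
  r |= (same_directory(a, dot) == 1) << 0;
  r |= (same_directory(a, lnk) == 1) << 1;
  r |= (same_directory(a, other) == 0) << 2;
  r |= (same_directory(a, gone) == -1) << 3;
  unlink(lnk); rmdir(a); rmdir(other); rmdir(base);
  return r;
}

int main(void)
{
  printf("result mask: 0x%x (0xf means all four cases behaved as expected)\n", demo());
  return 0;
}
```

A directory that does not exist yet cannot be compared this way, and two separate Tor instances sharing one directory would still need the lock file the comment mentions.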

comment:9 Changed 22 months ago by asn

Milestone: Tor: 0.3.3.x-final → Tor: 0.3.4.x-final

Pushing this to 034, I think we have more important prop224 stuff to fix. Please put it back in 033 if you disagree!

comment:10 Changed 21 months ago by nickm

Keywords: 034-triage-20180328 added

comment:11 Changed 21 months ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:12 Changed 20 months ago by nickm

Milestone: Tor: 0.3.4.x-final → Tor: unspecified

These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.
