Opened 7 months ago

Closed 3 months ago

#29338 closed defect (duplicate)

restore HiddenServiceAuthorizeClient in v3

Reported by: Alan Owned by:
Priority: Medium Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor Version: Tor: 0.3.5.7
Severity: Normal Keywords: tor-hs, hs-auth, client-auth, hsv3, network-team-roadmap-2019-Q1Q2, 041-deferred-20190530
Cc: rl1987, dgoulet, asn Actual Points:
Parent ID: #14389 Points: 2
Reviewer: Sponsor: Sponsor27-must

Description

According to the manual, for v3 hidden services, if the contents of <HiddenServiceDir>/authorized_clients/ cannot be loaded, then the Hidden Service is enabled and is accessible to anyone with the onion address. This is a security hole. It opens the possibility that the user intended for the service to require authorization, but due to files being moved or deleted or inaccessible or other file system problem, the hidden service incorrectly becomes accessible to anyone.

Please restore the configuration option HiddenServiceAuthorizeClient for v3 services. If it is set to "basic", then authentication should be required for the service regardless of whether <HiddenServiceDir>/authorized_clients/ can be read, or alternately, if the authorized users cannot be read, tor should not start up or should not enable the hidden service.

Child Tickets

Change History (13)

comment:1 Changed 7 months ago by rl1987

Cc: rl1987 added

comment:2 Changed 5 months ago by nickm

Milestone: Tor: 0.4.1.x-final

comment:3 Changed 5 months ago by teor

I think this is a duplicate of #28996.
But maybe the user also wants some tor changes, as well as some documentation changes.

comment:4 Changed 5 months ago by teor

Parent ID: #27544

comment:5 Changed 5 months ago by ageisp0lis

Any progress here? #20742

comment:6 Changed 5 months ago by teor

Cc: dgoulet asn added

I can't answer your questions, but I think asn or dgoulet might be able to.

comment:7 Changed 5 months ago by asn

Parent ID: #27544#14389
Sponsor: Sponsor27-must

Thanks for this ticket. Triaged it and it will be done sooner than later.

comment:8 in reply to:  3 ; Changed 5 months ago by asn

Points: 2

Replying to teor:

I think this is a duplicate of #28996.
But maybe the user also wants some tor changes, as well as some documentation changes.

Teor maybe you mistyped the ticket? Which one do you mean?

comment:9 in reply to:  8 Changed 5 months ago by teor

Replying to asn:

Replying to teor:

I think this is a duplicate of #28996.
But maybe the user also wants some tor changes, as well as some documentation changes.

Teor maybe you mistyped the ticket? Which one do you mean?

#28966: HSv3 client auth insufficiently documented

comment:10 Changed 4 months ago by gaba

Keywords: network-team-roadmap-2019-Q1Q2 added

comment:11 Changed 4 months ago by nickm

Keywords: 041-deferred-20190530 added

Marking these tickets as deferred from 041.

comment:12 Changed 4 months ago by nickm

Milestone: Tor: 0.4.1.x-finalTor: 0.4.2.x-final

comment:13 Changed 3 months ago by dgoulet

Resolution: duplicate
Status: newclosed
Note: See TracTickets for help on using tickets.