Opened 8 years ago

Closed 8 years ago

Last modified 6 years ago

#2979 closed defect (fixed)

hostname disclosure

Reported by: tagnaq Owned by:
Priority: High Milestone:
Component: Core Tor/Tor Version: Tor: 0.2.2.24-alpha
Severity: Keywords: tor-relay
Cc: tagnaq@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

If no Nickname in torrc is specified the local hostname is automatically used as Nickname (linux).
This is not documented behaviour (manpage) and is in my opinion an information disclosure.

The current behaviour should be explicitely documented in the "Nickname" option or the Nickname should default to "Unnamed" if not set in torrc.

Child Tickets

Change History (10)

comment:1 Changed 8 years ago by rransom

Milestone: Tor: 0.2.1.x-final
Priority: normalmajor

This behaviour was added intentionally in commit c2103eb63a15d2bb840e4ce7932ff12f21c95145 (first released in tor-0.0.8pre1), and I do think it's a bad idea.

comment:2 Changed 8 years ago by tagnaq

Cc: tagnaq@… added

If the behaviour will not be changed I would kindly ask you to document it in the 'Nickname' section of the manpage.

...but I would prefere an opt-in versus an opt-out (=explicitely setting Nickname to "Unnamed").

comment:3 Changed 8 years ago by arma

I agree we should remove this 'feature'.

Setting the nickname to Unnamed if they don't specify one is just as good (given that nicknames don't much matter), and doesn't have the information leak issue. Vidalia users already get this for free because Vidalia always tells Tor a nickname to use.

(But fixing it in 0.2.2, and leaving it in 0.2.1, is probably ok. 0.2.1 should die quietly.)

comment:4 Changed 8 years ago by nickm

Looks like an easy fix; anybody writing a patch here?

(I think the original rationale here was that back in 0.0.8pre1, Unnamed didn't exist.)

comment:5 Changed 8 years ago by Sebastian

Status: newneeds_review

bug2979 in my repo

comment:6 Changed 8 years ago by tagnaq

Thank you for accepting this bug and removing this 'feature'.

comment:7 Changed 8 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

merged in 0.2.2 and master

comment:8 Changed 6 years ago by nickm

Keywords: tor-relay added

comment:9 Changed 6 years ago by nickm

Component: Tor RelayTor

comment:10 Changed 6 years ago by nickm

Milestone: Tor: 0.2.1.x-final

Milestone Tor: 0.2.1.x-final deleted

Note: See TracTickets for help on using tickets.