Opened 5 months ago

Last modified 5 months ago

#30545 new defect

must not *skip* obsolete options.

Reported by: weasel
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version: Tor: 0.3.5.8
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Tor version 0.3.5.8 ignores DNSListenAddress.

While it logs
May 21 08:59:58 raven Tor-transparent[32235]: Skipping obsolete configuration option 'TransListenAddress'
May 21 08:59:58 raven Tor-transparent[32235]: Skipping obsolete configuration option 'DNSListenAddress'

it still starts, and then *binds* to 127.0.0.1:53, breaking all sorts of things.

If it finds obsolete configuration options, it really, really, really must not ignore them and do unwanted stuff.

Change History (6)

comment:1 Changed 5 months ago by cypherpunks

It's a feature ;) (security feature!)

comment:2 Changed 5 months ago by ahf

Component: changed from Core Tor to Core Tor/Tor
Milestone: Tor: unspecified

Can't you just use DNSPort, which takes an address as well? Same goes for TransPort.

comment:3 in reply to:  2 Changed 5 months ago by weasel

Replying to ahf:

> Can't you just use DNSPort, which takes an address as well? Same goes for TransPort.

That isn't the point. The point is that an upgrade broke an entire system. If Tor had failed to start because it no longer recognizes the option, that would have been fine. Infringing on another service's ports because you now ignore a config option is not fine.

comment:4 Changed 5 months ago by weasel

My old config was

DNSPort 53
DNSListenAddress 172.22.15.1

and tor launched a listening socket on 127.0.0.1:53, where unbound was also listening, resulting in Tor effectively stealing my DNS requests and leaking them via Tor.

comment:5 Changed 5 months ago by irl

Now that I think about it, skipping options when we remove them is really not a great idea. Refusing to start is a better option to avoid surprises.

If someone has added an option to their torrc then it's because the defaults weren't working for them. Silently reverting the user back to the defaults is going to be a surprise. (I know there are log entries, but some people use unattended upgrades.)

comment:6 Changed 5 months ago by nickm

Per discussion on IRC: I think we need to have two categories of obsolete options: one of which is ignored and causes a warning, and the other of which causes a failure to start. We should partition our list of obsolete options into these categories, based on our best guess of user preference.
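
The two-category handling proposed in comment:6, sketched as an added example (not Tor's code and not written by anyone in this ticket). Which option lands in which category is an assumption made here; `check_obsolete`, `obs_policy_t` and `ExampleCosmeticOption` are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

typedef enum { OBS_WARN, OBS_FATAL } obs_policy_t;
/* Assumed partition, for illustration only: the two options from this ticket
 * decided where sockets bind, so they are fatal. "ExampleCosmeticOption" is
 * a hypothetical removed option with no side effects. */
static const struct { const char *name; obs_policy_t policy; } obsolete[] = {
  { "DNSListenAddress",      OBS_FATAL },
  { "TransListenAddress",    OBS_FATAL },
  { "ExampleCosmeticOption", OBS_WARN  },
};
/* Scan torrc-style text. Returns -1 if a fatal obsolete option is set (the
 * caller must refuse to start), otherwise the number of warnings logged. */
int check_obsolete(const char *cfg)
{
  int warnings = 0, fatal = 0;
  while (*cfg) {
    size_t len = strcspn(cfg, "\n");            /* length of current line */
    const char *p = cfg, *end = cfg + len;
    while (p < end && isspace((unsigned char)*p)) p++;
    const char *key = p;                        /* first token = option name */
    while (p < end && !isspace((unsigned char)*p)) p++;
    size_t klen = (size_t)(p - key);
    for (size_t i = 0; klen && *key != '#' &&
                       i < sizeof(obsolete) / sizeof(obsolete[0]); i++) {
      /* Option names are matched case-insensitively. */
      if (strlen(obsolete[i].name) != klen ||
          strncasecmp(key, obsolete[i].name, klen) != 0)
        continue;
      if (obsolete[i].policy == OBS_FATAL) {
        fprintf(stderr, "[err] obsolete option '%s' set; refusing to start\n",
                obsolete[i].name);
        fatal = 1;
      } else {
        fprintf(stderr, "[warn] skipping obsolete option '%s'\n", obsolete[i].name);
        warnings++;
      }
    }
    cfg += len;
    if (*cfg == '\n') cfg++;
  }
  return fatal ? -1 : warnings;
}
/* Constructed sample input: the torrc lines quoted in comment:4. */
static const char ticket_cfg[] = "DNSPort 53\nDNSListenAddress 172.22.15.1\n";
int main(void) { return check_obsolete(ticket_cfg) < 0 ? 1 : 0; }
```

With the config from comment:4 the check returns -1, so the process exits before any listener is opened instead of binding 127.0.0.1:53.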
