Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#6889 closed enhancement (implemented)

Warn if HSes are configured on a client with UseEntryGuards disabled

Reported by: rransom Owned by:
Priority: Medium Milestone: Tor: 0.2.4.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-hs
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description


Child Tickets

Change History (6)

comment:1 Changed 7 years ago by rransom

Status: newneeds_review

See my warn-about-hses-without-guards branch (based on my bug6888b branch to avoid merge conflicts) for a fix for this, along with an unrelated comment typo fix.

comment:2 Changed 7 years ago by andrea

The code looks fine to me, but should this be stronger than a log warning perhaps? If the user does this with a hidden service that anyone might care to try to locate, then by the time the user sees this message it's likely been exposed to the world like that at least briefly.

Maybe we should disable the hidden service instead unless the user explicitly says "yeah, I asked for it, give it to me good and hard" somewhere?

comment:3 in reply to:  2 Changed 7 years ago by rransom

Replying to andrea:

The code looks fine to me, but should this be stronger than a log warning perhaps? If the user does this with a hidden service that anyone might care to try to locate, then by the time the user sees this message it's likely been exposed to the world like that at least briefly.

Maybe we should disable the hidden service instead unless the user explicitly says "yeah, I asked for it, give it to me good and hard" somewhere?

If this had gone into 0.2.4.3-alpha (along with the change which turned off UseEntryGuards for tor2web mode clients), that might have been beneficial. But now, anyone who is going to be harmed by running hidden services on a Tor client without entry guards has already been screwed over, silently. Disabling their hidden services or making their Tor client fail to start won't help them any more than a warning message will.

comment:4 Changed 7 years ago by nickm

Resolution: implemented
Status: needs_reviewclosed

merged

comment:5 Changed 7 years ago by nickm

Keywords: tor-hs added

comment:6 Changed 7 years ago by nickm

Component: Tor Hidden ServicesTor
Note: See TracTickets for help on using tickets.