Opened 7 years ago

Closed 5 years ago

#8180 closed defect (fixed)

EntryNodes ignored when UseEntryGuards==0, warning can be overlooked

Reported by: cypherpunks Owned by:
Priority: Medium Milestone: Tor: 0.2.4.x-final
Component: Core Tor/Tor Version: Tor: 0.2.4.9-alpha
Severity: Keywords: EntryNodes tor-client 023-backport easy
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The man page doesn't mention that the EntryNodes option only applies when Tor uses entry guards. I think this is not the expected bahaviour because the option is called "EntryNodes" and not "EntryGuards".

If you don't want to fix this, at least let Tor exit with an error when it reads the torrc file, because if someone provides a list of EntryNodes, that can only mean he doesn't want his computer to connect to other nodes, and it might be dangerous for him if Tor does it anyway.

Child Tickets

Change History (9)

comment:1 Changed 7 years ago by nickm

Keywords: tor-client backport-023 easy added
Milestone: Tor: 0.2.4.x-final
Priority: normalmajor

The right solution IMO for 0.2.4 and earlier is probably to warn (or maybe even give an error) when the user specifies EntryNodes but sets UseEntryGuards 0. options_validate() would be the right function to edit. Anybody got a patch?

For 0.2.5 we could try to make EntryNodes restrict the entry nodes even when UseEntryGuards is 0, but that's more of a big feature.

comment:2 in reply to:  1 Changed 7 years ago by arma

Replying to nickm:

For 0.2.5 we could try to make EntryNodes restrict the entry nodes even when UseEntryGuards is 0, but that's more of a big feature.

I'd vote against this part. The entryguards behavior, and the entrynodes behavior, are close enough that we'd be doing better renaming entrynodes to entryguards.

comment:3 Changed 7 years ago by nickm

Priority: majornormal
Status: newneeds_information

Hang on. We *do* warn about this! That was #2571 . In options_validate, we have:

  if (options->EntryNodes && !options->UseEntryGuards)
    log_warn(LD_CONFIG, "EntryNodes is set, but UseEntryGuards is disabled. "
             "EntryNodes will be ignored.");

Is there any more to do here in 0.2.4?

comment:4 Changed 7 years ago by cypherpunks

I don't think a warning is enough. Tor should refuse to start with a configuration that contains a useless EntryNodes line. When I reported this problem I didn't see a warning, I probably overlooked it. But it doesn't matter because when you see this warning message Tor has already contacted the nodes you didn't want it to contact.

comment:5 Changed 6 years ago by nickm

Status: needs_informationnew
Summary: EntryNodes ignored when UseEntryGuards==0EntryNodes ignored when UseEntryGuards==0, warning can be overlooked

comment:6 Changed 6 years ago by nickm

Status: newneeds_review

I did a quick straw-poll and couldn't find anybody who disagreed with you there strongly. So I did the fix in branch "bug8180_023" in my public git repository.

Needs review.

comment:7 Changed 6 years ago by nickm

Keywords: 023-backport added; backport-023 removed
Milestone: Tor: 0.2.4.x-finalTor: 0.2.3.x-final

Reviewed by velope, who corrected some spelling and readability in the changes message. Now it's bug8180_023_v2. Merging that to 0.2.4 and later; marking for 023-backport.

comment:8 Changed 6 years ago by arma

This change makes your Tor exit in a surprising way, when before your Tor didn't do what you may or may not have thought you asked it to do.

That sounds like exactly the sort of thing we should *not* spring on people as a minor update on a stable release.

comment:9 Changed 5 years ago by nickm

Milestone: Tor: 0.2.3.x-finalTor: 0.2.4.x-final
Resolution: fixed
Status: needs_reviewclosed

Marking a batch of tickets that had been under consideration for 0.2.3 backport as fixed-in-0.2.4. There is no plan for further 0.2.3 releases.

Note: See TracTickets for help on using tickets.