commit c4bb3c8d447400573eb45f3e2076e6b80187f1b9 Author: Nick Mathewson nickm@torproject.org Date: Wed Feb 12 15:32:50 2014 -0500
Log only one message for dangerous log settings.
We log only one message, containing a complete list of what's wrong. We log the complete list whenever any of the possible things that could have gotten wrong gets worse.
Fix for #9870. Bugfix on 10480dff01bece13fab, which we merged in 0.2.5.1-alpha. --- changes/bug9870 | 5 +++++ src/or/config.c | 38 +++++++++++++++++++++++++------------- 2 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/changes/bug9870 b/changes/bug9870 new file mode 100644 index 0000000..b4b2c2d --- /dev/null +++ b/changes/bug9870 @@ -0,0 +1,5 @@ + o Minor bugfixes: + + - Log only one message when we start logging in an unsafe + way. Previously, we would log as many messages as we had + problems. Fix for #9870; bugfix on 0.2.5.1-alpha. diff --git a/src/or/config.c b/src/or/config.c index d298177..dcbe88d 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1148,12 +1148,31 @@ options_act_reversible(const or_options_t *old_options, char **msg) tor_free(severity); tor_log_update_sigsafe_err_fds(); } - if (get_min_log_level() >= LOG_INFO && - get_min_log_level() != old_min_log_level) { - log_warn(LD_GENERAL, "Your log may contain sensitive information: you're " - "logging more than "notice". Please log safely. Don't log " - "unless it serves an important reason, and overwrite the log " - "afterwards."); + + { + const char *badness = NULL; + int bad_safelog = 0, bad_severity = 0, new_badness = 0; + if (options->SafeLogging_ != SAFELOG_SCRUB_ALL) { + bad_safelog = 1; + if (!old_options || old_options->SafeLogging_ != options->SafeLogging_) + new_badness = 1; + } + if (get_min_log_level() >= LOG_INFO) { + bad_severity = 1; + if (get_min_log_level() != old_min_log_level) + new_badness = 1; + } + if (bad_safelog && bad_severity) + badness = "you disabled SafeLogging, and " + "you're logging more than "notice""; + else if (bad_safelog) + badness = "you disabled SafeLogging"; + else + badness = "you're logging more than "notice""; + if (new_badness) + log_warn(LD_GENERAL, "Your log may contain sensitive information - %s. " + "Don't log unless it serves an important reason. " + "Overwrite the log afterwards.", badness); }
SMARTLIST_FOREACH(replaced_listeners, connection_t *, conn, @@ -1341,13 +1360,6 @@ options_act(const or_options_t *old_options) } #endif
- if (options->SafeLogging_ != SAFELOG_SCRUB_ALL && - (!old_options || old_options->SafeLogging_ != options->SafeLogging_)) { - log_warn(LD_GENERAL, "Your log may contain sensitive information - you " - "disabled SafeLogging. Please log safely. Don't log unless it " - "serves an important reason. Overwrite the log afterwards."); - } - if (options->Bridges) { mark_bridge_list(); for (cl = options->Bridges; cl; cl = cl->next) {