[tor-bugs] #2914 [Tor Relay]: Tor should not append to file if loglevel < notice

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Apr 14 13:15:52 UTC 2011


#2914: Tor should not append to file if loglevel < notice
-----------------------+----------------------------------------------------
 Reporter:  mikeperry  |          Owner:     
     Type:  defect     |         Status:  new
 Priority:  normal     |      Milestone:     
Component:  Tor Relay  |        Version:     
 Keywords:             |         Parent:     
   Points:             |   Actualpoints:     
-----------------------+----------------------------------------------------
Description changed by mikeperry:

Old description:

> A lot of relay operators run tor from git for various reasons. These
> relay operators don't get the advantage of distribution log rotation, and
> can unknowingly leave tor running at low log level for long periods while
> running test branches. In some cases, SafeLogging may also be disabled.
>
> Presumably, since they are running git, they are upgrading often. Based
> on this assumption, an easy fix should be to just change the default log
> file open mode from O_APPEND to O_TRUNC if the loglevel is below notice,
> and/or if SafeLogging is off.
>
> Of course, a better fix is to implement our own log rotation. I don't
> think the corner case is that important. It is a non-default config that
> makes it risky** in the first place.
>
> Thanks for Marcia Hofmann @ EFF for pointing this out.
>
> ** (The reason it is risky is not because logs are terribly dangerous to
> anonymity in their current form, but moreso because logs can be such a
> false path due to the multiplexing of circuits over TLS.)

New description:

 A lot of relay operators run tor from git for various reasons. These relay
 operators don't get the advantage of distribution log rotation, and can
 unknowingly leave tor running at low log level for long periods while
 running test branches. In some cases, SafeLogging may also be disabled.

 Presumably, since they are running git, they are upgrading often. Based on
 this assumption, an easy fix should be to just change the default log file
 open mode from O_APPEND to O_TRUNC if the loglevel is below notice, and/or
 if SafeLogging is off.

 Of course, a better fix is to implement our own log rotation. I don't
 think the corner case is that important. It is a non-default config that
 makes it risky** in the first place.

 Thanks to Marcia Hofmann @ EFF for pointing this out.

 ** (The reason it is risky is not because logs are terribly dangerous to
 anonymity in their current form, but moreso because logs can be such a
 false path due to the multiplexing of circuits over TLS.)

--

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2914#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list