[tor-bugs] #3540 [Tor Client]: Limit the number of non-open general circuits
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Jul 7 15:41:55 UTC 2011
#3540: Limit the number of non-open general circuits
------------------------+---------------------------------------------------
 Reporter:  nickm       |          Owner:
     Type:  defect      |         Status:  new
 Priority:  normal      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client  |        Version:
 Keywords:              |         Parent:  #1865
   Points:              |   Actualpoints:
------------------------+---------------------------------------------------
With some proposal 171 options, it's pretty easy for an ill-conceived
configuration and/or a hostile application/server combination to provoke
a huge number of circuits. For example, if the user foolishly chooses
IsolateDestAddr or IsolateDestPort on a port that they then use for web
browsing, a hostile webpage can trivially make Tor try connections to an
arbitrarily large number of addresses, or to every possible port.

We could say "Don't do that then", but there's always some genius who
wants to ship a "sooper secure" bundle with all the options turned on. So
instead, let's have an option to limit the number of general circuits that
can be in a "building" state at a time.

This should have a reasonably safe default and a reasonably high maximum.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3540>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
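
A small model of the behaviour the ticket describes, added here as an illustration; it is not Tor source code and not part of the original ticket. Every identifier (`plan_circuits`, `may_share`, `HARD_MAX`, the sample hosts) is hypothetical, and the model assumes no circuit finishes building while the burst of streams arrives.

```c
/* Added illustration, not Tor source: all names below are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HARD_MAX 1024 /* assumed upper bound on the cap */

struct stream_req { const char *addr; unsigned port; };
struct plan { size_t building; size_t deferred; };

/* Constructed sample: one page pulling resources from many hosts. */
static const struct stream_req SAMPLE[] = {
    {"a.example", 80}, {"b.example", 80}, {"c.example", 80}, {"d.example", 80},
    {"e.example", 80}, {"f.example", 80}, {"a.example", 443}, {"a.example", 80},
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

/* Streams may share a circuit unless an enabled isolation flag separates them. */
static bool may_share(const struct stream_req *a, const struct stream_req *b,
                      bool iso_addr, bool iso_port)
{
    if (iso_addr && strcmp(a->addr, b->addr) != 0) return false;
    if (iso_port && a->port != b->port) return false;
    return true;
}

/* Count circuits put into the "building" state for reqs[0..n), allowing at
 * most max_building at once; streams needing one beyond that are deferred. */
struct plan plan_circuits(const struct stream_req *reqs, size_t n,
                          bool iso_addr, bool iso_port, size_t max_building)
{
    struct plan p = {0, 0};
    size_t first[HARD_MAX]; /* first stream attached to each circuit */
    size_t cap = max_building > HARD_MAX ? HARD_MAX : max_building;
    for (size_t i = 0; i < n; i++) {
        bool shared = false;
        for (size_t c = 0; c < p.building && !shared; c++)
            shared = may_share(&reqs[first[c]], &reqs[i], iso_addr, iso_port);
        if (shared) continue;
        if (p.building >= cap) { p.deferred++; continue; }
        first[p.building++] = i;
    }
    return p;
}

int main(void)
{
    struct plan p = plan_circuits(SAMPLE, SAMPLE_N, true, false, 4);
    printf("building=%zu deferred=%zu\n", p.building, p.deferred);
    return 0;
}
```

Without isolation the eight sample streams fit on one circuit; with per-address isolation the count follows the number of distinct hosts the remote page chooses, which is why the cap has to bound circuits in the building state rather than streams.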