[tor-bugs] #3540 [Tor Client]: Limit the number of non-open general circuits

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Jul 7 15:41:55 UTC 2011


#3540: Limit the number of non-open general circuits
------------------------+---------------------------------------------------
 Reporter:  nickm       |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:  #1865             
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------
 With some proposal 171 options, it's pretty easy for an ill-conceived
 configuration and/or a hostile application/server combination to provoke
 a huge number of circuits.  For example, if the user foolishly chooses
 IsolateDestAddr or IsolateDestPort on a port that they then use for web
 browsing, a hostile webpage can trivially make Tor try connections to an
 arbitrarily large number of addresses, or to every possible port.

 We could say "Don't do that then", but there's always some genius who
 wants to ship a "sooper secure" bundle with all the options turned on.  So
 instead, let's have an option to limit the number of general circuits that
 can be in a "building" state at a time.

 This should have a reasonably safe default and a reasonably high maximum.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3540>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
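
An added illustration of the scenario in the ticket above, not code from Tor or from the reporter: a toy Python model in which streams may share a building circuit only when their isolation keys match, run with and without a cap on building circuits. `ClientModel`, `max_building`, the cap of 32 and the destination lists are hypothetical names and constructed values.

```python
# Toy model, not Tor's code: streams share a building circuit only when their
# isolation keys match, so per-destination isolation means one circuit each.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ClientModel:
    isolate_dest_addr: bool = False
    isolate_dest_port: bool = False
    max_building: Optional[int] = None  # hypothetical cap; None means unlimited
    building: dict = field(default_factory=dict)  # isolation key -> streams
    deferred: list = field(default_factory=list)  # streams held back by the cap

    def isolation_key(self, addr, port):
        # Only the fields named by the enabled flags take part in the key.
        return (addr if self.isolate_dest_addr else None,
                port if self.isolate_dest_port else None)

    def request(self, addr, port):
        key = self.isolation_key(addr, port)
        if key in self.building:  # a compatible circuit is already building
            self.building[key].append((addr, port))
            return "attached"
        if self.max_building is not None and len(self.building) >= self.max_building:
            self.deferred.append((addr, port))  # wait instead of launching
            return "deferred"
        self.building[key] = [(addr, port)]
        return "launched"


def burst(client, destinations):
    """Feed one burst of stream requests before any circuit finishes building."""
    for addr, port in destinations:
        client.request(addr, port)
    return len(client.building), len(client.deferred)


# Constructed inputs: one page load referencing 500 hosts, or 500 ports on one host.
MANY_HOSTS = [(f"host{i}.example", 80) for i in range(500)]
MANY_PORTS = [("host.example", port) for port in range(1, 501)]

if __name__ == "__main__":
    print("no isolation:    ", burst(ClientModel(), MANY_HOSTS))
    print("IsolateDestAddr: ", burst(ClientModel(isolate_dest_addr=True), MANY_HOSTS))
    print("IsolateDestPort: ", burst(ClientModel(isolate_dest_port=True), MANY_PORTS))
    print("addr + cap of 32:", burst(ClientModel(isolate_dest_addr=True, max_building=32), MANY_HOSTS))
```

Each result is a pair (circuits building, streams deferred); the model ignores circuit completion and exit policy, so it shows only how the isolation key drives the count.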

