[tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed May 11 00:58:59 UTC 2011 

#2988: information disclosure: operating system and platform
-----------------------+----------------------------------------------------
 Reporter:  tagnaq     |          Owner:                  
     Type:  defect     |         Status:  new             
 Priority:  normal     |      Milestone:  Tor: unspecified
Component:  Tor Relay  |        Version:                  
 Keywords:             |         Parent:                  
   Points:             |   Actualpoints:                  
-----------------------+----------------------------------------------------

Comment(by mikeperry):

 The Tor network has been running for how many years now? How many times in
 the past have we needed this info? It is definitely not zero for some
 info, but it is zero for others. I found some very interesting results
 about the circuit failure rates of Windows machines in the past, but Nick
 has said this is more directly a function of libevent version and polling
 method on those machines than Windows itself.

 I also agree that we should drop info that makes exploits easier. The arch
 string seems totally irrelevant to me. I don't think we'll ever see a
 strong correlation between x86 vs x64 and tor performance or reliability
 properties.. Sure, x64 may do crypto better. But crypto perf is also a
 function of many other factors, and this arch info aids exploiters, and
 may not actually always be obvious by remote fingerprinting with nmap if
 the system is locked down in other respects.

 As for using capabilities instead: we occasionally have bad bugs that
 apply to specific tor minor versions. For example, the bandwidth lying bug
 of 0.2.2.23-24 is a useful thing to see, and bugs of this sort are
 something that will *not* be reflected in a capability string, because it
 is not intentional functionality.

 However, I do feel like we want more info in this string, though. It would
 be very useful to have the libevent version and polling method included,
 for example. These should be added to the version string, IMO.

 It would be interesting to hear Nick's opinion as to if the libevent
 polling method would be enough to allow us to drop the OS string entirely.
 Maybe it is.

 So, in my ideal world, the version string would be Tor major+minor version
 + libevent version + method, with no arch, and no git hash. Maybe also OS,
 depending on what Nick says about libevent capturing this info.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2988#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list