[tor-bugs] #1938 [Tor Bridge]: UpdateBridgesFromAuthority dangerous

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Apr 27 15:34:12 UTC 2012


#1938: UpdateBridgesFromAuthority dangerous
------------------------+---------------------------------------------------
 Reporter:  arma        |          Owner:                    
     Type:  task        |         Status:  needs_review      
 Priority:  major       |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Bridge  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------
Changes (by nickm):

  * status:  new => needs_review


Comment:

 So, could this be as simple as editing purpose_needs_anonymity() to change
 this:

 {{{
   if (router_purpose == ROUTER_PURPOSE_BRIDGE && can_complete_circuit)
 }}}

 into this:
 {{{
   if (router_purpose == ROUTER_PURPOSE_BRIDGE)
 }}}

 ?  I believe that in the case where we download descriptors from bridges,
 we don't call purpose_needs_anonymity() at all.  And in any other case, we
 don't really want to fall back for bootstrapping purposes at all.

 There's a patch in my branch "bug1938" that does that, but I believe it
 isn't complete.  Looking at the logic in fetch_bridge_descriptors(), it
 seems like the requisite fallback logic doesn't exist.  In other words,
 what we'd actually want is something like, "Try the bridge first and use
 the authority if it isn't there", or "Try the authority first and use the
 bridge if it can't answer."  But from the way we set ask_bridge_directly,
 it seems like we always use it when we can and when
 UpdateBridgesFromAuthority is on.

 I think what we want is a setting that makes us use ask_bridge_directly=1
 unless we've tried to connect to the bridge and failed.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1938#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
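
The fallback rule proposed in the comment above, sketched as an added example. This is not code from Tor or from the "bug1938" branch; the struct, the function names and the `num_bridge_auths` input are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical per-bridge bookkeeping for this example; not a Tor struct. */
typedef struct {
  bool direct_tried;   /* we attempted a direct connection to the bridge */
  bool direct_failed;  /* ...and the most recent attempt failed */
} bridge_fetch_state_t;

typedef enum { ASK_BRIDGE, ASK_AUTHORITY } fetch_source_t;

/* Record the outcome of a direct fetch attempt. A later success clears
 * the failure, so the client goes back to asking the bridge itself. */
void note_direct_result(bridge_fetch_state_t *st, bool ok)
{
  st->direct_tried = true;
  st->direct_failed = !ok;
}

/* Policy from the comment: ask_bridge_directly = 1 unless we have tried
 * to connect to the bridge and failed. The authority is only a fallback,
 * and only when UpdateBridgesFromAuthority is set and at least one bridge
 * authority is configured (num_bridge_auths is an assumed input). */
fetch_source_t choose_source(const bridge_fetch_state_t *st,
                             bool update_bridges_from_authority,
                             int num_bridge_auths)
{
  bool can_use_authority = update_bridges_from_authority &&
                           num_bridge_auths > 0;
  bool ask_bridge_directly =
      !(st->direct_tried && st->direct_failed && can_use_authority);
  return ask_bridge_directly ? ASK_BRIDGE : ASK_AUTHORITY;
}

int main(void)
{
  bridge_fetch_state_t st = { false, false };
  /* Constructed sequence: first fetch, failure, retry succeeds. */
  printf("fresh:       %d\n", choose_source(&st, true, 1));
  note_direct_result(&st, false);
  printf("after fail:  %d\n", choose_source(&st, true, 1));
  printf("option off:  %d\n", choose_source(&st, false, 1));
  note_direct_result(&st, true);
  printf("after retry: %d\n", choose_source(&st, true, 1));
  return 0;
}
```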

