[tor-bugs] #6866 [Tor Client]: pathbias_count_first_hop(): Bug: circuitbuild.c:2650

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Sep 17 22:13:07 UTC 2012


#6866: pathbias_count_first_hop(): Bug: circuitbuild.c:2650
-----------------------------+----------------------------------------------
 Reporter:  fob              |          Owner:  mikeperry         
     Type:  defect           |         Status:  assigned          
 Priority:  major            |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client       |        Version:  Tor: 0.2.3.21-rc  
 Keywords:  MikePerry201209  |         Parent:                    
   Points:                   |   Actualpoints:                    
-----------------------------+----------------------------------------------

Comment(by rransom):

 Replying to [comment:5 mikeperry]:
 > I spent a little time looking at the Tor2web codepaths. I'm still not
 100% clear where it is picking up the extra hop in normal operation. As
 far as I can tell, tor2web circuits should only be 1 hop, should not be
 possible to cannibalize,

 If a hidden service client fails to introduce to a hidden service (or
 times out) at one of the services' introduction points, the hidden-service
 client code will extend the introduction circuit by one hop to the next
 introduction point it chooses.  (This is a big win for non-tor2web-mode HS
 clients.)

 > and there should be no client activity allowed other than tor2web's one-
 hop hidden service client traffic.

 tor2web mode does not prevent the user from operating a hidden service
 with that Tor instance.  (The service-side part of a hidden service is
 client-ish enough to build circuits.)


 Perhaps it should prevent users from operating hidden services, and turn
 off UseEntryGuards (as I understand it, this would disable the path-bias
 detection code).  They're not getting anonymity anyway.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6866#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list