[tor-bugs] #10518 [Tor]: local tor client policy remotely modified

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Dec 29 13:46:02 UTC 2013 

#10518: local tor client policy remotely modified
--------------------+----------------------------------
 Reporter:  mr-4    |          Owner:
     Type:  defect  |         Status:  new
 Priority:  normal  |      Milestone:
Component:  Tor     |        Version:  Tor: 0.2.4.18-rc
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
--------------------+----------------------------------
 As part of my torrc I have a MapAddress directive, which redirects all
 requests to a specific domain via a tor exit point (I still use ".exit").
 That works satisfactory and served me well for a good while.

 Today when I tried to access that domain, I received and error (domain
 inaccessible) and when I inspected the tor logs I found a sequence of
 these messages: "Requested exit point 'XXXX' is excluded or would refuse
 request. Closing."

 This is obviously incorrect as I don't have such policy and have not
 restricted using that particular node (I did double-check my torrc file
 and since I also use default-torrc I checked that as well).

 Using the atlas service I made sure that the node in question is up and
 running and that was indeed the case (the tor node has been running for
 more than 40 days - continuously).

 Next, I stopped tor and restarted it (keeping the whole /var/lib/tor/*
 intact) and tried to access the same domain. I've got the same error
 message.

 Finally, I stopped tor again, wiped out the entire /var/lib/tor/*
 directory to force my tor client to download fresh consensus and cold-boot
 everything. After doing that I tried to access the redirected domain again
 and this time I was SUCCESSFUL!

 All of this leaves me to conclude that my tor client policy was remotely
 modified/altered, which if true, is a very serious issue, hence reporting
 it here.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10518>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list