[tor-bugs] #10887 [Obfsproxy]: ScrambleSuit should make it easy for bridge admins to learn password

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 15 14:32:24 UTC 2014


#10887: ScrambleSuit should make it easy for bridge admins to learn password
-------------------------+-------------------------------------------------
     Reporter:  phw      |      Owner:  phw
         Type:           |     Status:  needs_review
  enhancement            |  Milestone:
     Priority:  normal   |    Version:
    Component:           |   Keywords:  scramblesuit, password, shared
  Obfsproxy              |  secret
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------
Changes (by asn):

 * status:  needs_revision => needs_review


Comment:

 Did some work on this and pushed it at `bug10887_take3`. '''Might''' be
 ready for merge.

 Some problems I had to tackle:

 - scramblesuit unittests had `/tmp` hardcoded as the state location. I
 don't like this since it might  allow for symlink attacks in '''weird'''
 setups. I started using the `tempfile` module and hopefully replaced all
 the occurences of this.
 - scramblesuit unittests were not cleaning up their state location
 afterwards, which left `/tmp` dirty. I used `shutil.rmtree` to delete
 those directories.
 - Since we are not trying to print the whole `Bridge` line anymore, we
 don't care about the bindaddr so I ignored all the changes wrt bindaddr in
 Philipp's old branch.
 - If we are starting up in external mode, we should only call the setup()
 method of the transport we are going to launch, not of all transports.

 I tested the changes and they seem to work.

 I'm still not fully satisfied with the code quality, but I think I spent
 enough time on this for now.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10887#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list