[tor-bugs] #17574 [Tor]: Fallback mirrors should never fetch from fallback mirrors
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 9 23:34:12 UTC 2015
#17574: Fallback mirrors should never fetch from fallback mirrors
------------------------+--------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: 0.2.4.7-alpha
Severity: Normal | Keywords:
Actual Points: | Parent ID: #15775
Points: | Sponsor:
------------------------+--------------------------------
If we allow fallback mirrors to fallback to other fallback mirrors, we
could get download loops or other nasty consequences. The bootstrap
process should deliver a recent consensus and prevent this, but let's
avoid the possibility - there's no need for the ~300 fallbacks to use
mirrors.
While relays can check their own list of fallback mirrors, there's no way
to predict which relays were/are fallbacks in past/future releases.
Therefore, any relays which could possibly become a fallback, must connect
to an authority:
* public servers (not a bridge)
* with a dirport (not just an automatic dir cache with the V2Dir flag
(#12538), but one with an actual, public, dirport that can be used for
initial bootstrapping)
Currently, the authority connection code is advisory, we need to split it
and make the above conditions mandatory.
This was introduced in 0.2.4.7-alpha as an unintended consequence of
commits like 5c51b3f1f0d4c394392.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17574>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list