[tor-bugs] #20509 [Core Tor/Tor]: Directory authorities should take away Guard flag from relays with #20499 bug

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Dec 6 22:24:02 UTC 2016


#20509: Directory authorities should take away Guard flag from relays with #20499
bug
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:
     Type:  defect                               |         Status:
                                                 |  merge_ready
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.2.9.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.8.9
 Severity:  Normal                               |     Resolution:
 Keywords:  028-backport, easy,                  |  Actual Points:
  TorCoreTeam201612, review-group-13             |
Parent ID:                                       |         Points:
 Reviewer:  teor, arma                           |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):

 * keywords:  028-backport, easy, TorCoreTeam201611, review-group-13 =>
     028-backport, easy, TorCoreTeam201612, review-group-13


Comment:

 Replying to [comment:26 nickm]:
 > I am +1 on waiting a couple of days till we are really sure that the bug
 is gone now.  Doing this once is annoying enough; doing it twice would be
 way yuckier.

 I have scanned 386 relays on the fallback whitelist for this bug as part
 of the new fallback list in #18828. None of them had a stale consensus.

 Here is the methodology:
 * use the fallback whitelist, including recent operator opt-ins in
 https://github.com/teor2345/tor/blob/fallbacks-201612/scripts/maint/fallback.whitelist
 * exclude known versions affected by #20499,
 * exclude versions not recommended by the directory authorities, then
 check if a microdesc consensus is expired. (My script fixes the issue in
 #20501 where the local time was being compared to a UTC time.)
 * download a microdesc consensus, and check if the expiry time is after
 the current time.

 I think we should merge this patch to 0.2.8 and later:
 * ticket20509_028 to 0.2.8
 * ticket20509_029 to 0.2.9 and then merge 0.2.9 to master

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20509#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list