[tor-bugs] #20625 [Core Tor/Tor]: When a consensus doesn't have enough signatures, write it (and sigs) to a file
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 15 23:30:00 UTC 2016
#20625: When a consensus doesn't have enough signatures, write it (and sigs) to a
file
-----------------------------+------------------------------------
Reporter: teor | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: easy?, tor-auth | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------+------------------------------------
Comment (by teor):
We should only write the latest bad consensus to a file.
We should only write signatures from authorities we trust to the sigs
file. Otherwise, an authority's disk could be filled by a malicious server
pretending to be an authority.
Alternately, we could limit the file size(s).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20625#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list