[tor-bugs] #21974 [Core Tor/Tor]: Race: Tor declares controlport listener open before it has written its controlcookie to disk
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jun 11 00:24:53 UTC 2017
#21974: Race: Tor declares controlport listener open before it has written its
controlcookie to disk
--------------------------+----------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+----------------------------------
Comment (by teor):
There is a race condition here, but it requires a specific set of
circumstances.
Most clients:
1. Connect to the control port
2. Issue PROTOCOLINFO
3. Read the cookie file name you are given
It's impossible for Tor to reply before it has written the cookie file,
because Tor has a single event-driven thread, which imposes the following
order:
1. Tor starts up and reads its config
2. Tor opens the control port
3. Tor writes the cookie file
4. Tor responds to requests on the control port
There are two rare cases where there is a race condition:
A. The controller assumes that the cookie file is located at a particular
location (it could cache it, hard-code it, or ask the user for it), and
reads it before issuing a PROTOCOLINFO.
B. Tor is being reconfigured, and responds to requests based on the old
config
Case A is technically a protocol violation, but we should support it.
I don't think it's possible for us to fix Case B.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21974#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list