[tor-bugs] #22689 [Core Tor/Tor]: prop224: Stop rend and intro points being used as single hop proxies
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 22 00:37:43 UTC 2017
#22689: prop224: Stop rend and intro points being used as single hop proxies
-----------------------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: prop224, relay-safety | Actual Points:
Parent ID: #17945 | Points: 0.5
Reviewer: | Sponsor:
-----------------------------------+------------------------------------
Changes (by teor):
* status: new => needs_revision
Old description:
> This prevents them knowing both the service and client IP addresses, and
> therefore being targets for network traffic logging, sybil, or hacking
> attacks.
>
> We need to implement the following checks:
> * if the introduction point was made using a direct connection (single
> onion services), refuse direct client connections,
> * if the rend point was made using a direct connection (custom client, no
> tor2web for HSv3), refuse direct service connections (single onion
> services).
>
> See #22668 for how this is done for HSDir3s using channel_is_client().
> The comments in that patch explain why it works.
>
> We could even refactor the common code out of
> connection_dir_is_anonymous() into connection_is_anonymous(), and avoid
> including channel[tls].h into directory.c.
>
> I'm not sure if I will get time to do this, so please feel free to take
> this ticket.
New description:
This prevents them knowing both the service and client IP addresses, and
therefore being targets for network traffic logging, sybil, or hacking
attacks.
We need to implement the following checks:
* if the introduction point was made using a direct connection (single
onion services), refuse direct client connections,
* if the rend point was made using a direct connection (custom client, no
tor2web for HSv3), refuse direct service connections (single onion
services).
See #22688 for how this is done for HSDir3s using channel_is_client(). The
comments in that patch explain why it works.
We could even refactor the common code out of
connection_dir_is_anonymous() into connection_is_anonymous(), and avoid
including channel[tls].h into directory.c.
I'm not sure if I will get time to do this, so please feel free to take
this ticket.
--
Comment:
See cddff59c0 in my branch bug22688-031 for code that might work for OR
circuits.
(I accidentally wrote the OR version rather than the directory version.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22689#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list