[tor-bugs] #24104 [Core Tor/Tor]: Delay descriptor bandwidth reporting on large relays

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jun 3 15:10:13 UTC 2018


#24104: Delay descriptor bandwidth reporting on large relays
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  juga
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  unspecified
 Severity:  Normal                               |     Resolution:
 Keywords:  034-backport-maybe, 033-backport-    |  Actual Points:
  maybe, 032-backport-maybe, 031-backport-       |
  maybe, 029-backport-maybe, security-low,       |
  guard-discovery-stats, chutney-wants, bwauth-  |
  wants, 034-triage-20180328,                    |
  034-removed-20180328, tor-bwauth               |
Parent ID:  #25925                               |         Points:  1
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):

 * keywords:
     guard-discovery-stats, chutney-wants, bwauth-wants,
     034-triage-20180328, 034-removed-20180328, tor-bwauth
     =>
     034-backport-maybe, 033-backport-maybe, 032-backport-maybe, 031
     -backport-maybe, 029-backport-maybe, security-low, guard-discovery-
     stats, chutney-wants, bwauth-wants, 034-triage-20180328,
     034-removed-20180328, tor-bwauth
 * version:   => Tor: unspecified
 * type:  enhancement => defect
 * milestone:  Tor: unspecified => Tor: 0.3.5.x-final


Comment:

 This is a low-severity security issue because bandwidth spike reporting
 enables guard discovery attacks.

 We might want to backport it to 0.2.9, so please base the branch on 0.2.9.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24104#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list