[tor-bugs] #16824 [Core Tor/Tor]: Emit a warning message about side channel leaks when using relays as clients

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu May 17 03:14:55 UTC 2018


#16824: Emit a warning message about side channel leaks when using relays as
clients
-------------------------------------------------+-------------------------------------
 Reporter:  starlight                            |          Owner:  (none)
     Type:  defect                               |         Status:  needs_review
 Priority:  High                                 |      Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:  Tor: 0.2.6.10
 Severity:  Normal                               |     Resolution:
 Keywords:  mike-can, tor-client tor-relay       |  Actual Points:
  sidechannel logging easy                       |
Parent ID:                                       |         Points:  1
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------------------

Comment (by arma):

 Two thoughts:

 (A) We're only doing this log message if they *use* the socksport, right?
 Otherwise every relay will get this log message by default, unless they
 change their SocksPort line, even if they *aren't* "attempting to use Tor
 for both relay and client functionality"?

 (B) I'm still unclear on what attack we're talking about here. In the
 earlier bug, #16585, there was some bug where relay cells would get
 unnecessarily starved when the client goes wild trying to build circuits
 that all fail? So in that case maybe it's the relay bandwidth *graphs*
 that give things away? But if there weren't graphs, you might still be
 able to send a constant rate of traffic through the relay and see when it
 slows down? But even if it's not a relay at all, and even if we fixed the
 starvation bug, you might be able to send ping packets toward the
 suspect's IP address, and see a slow-down when there's competing client
 activity?
 https://www.freehaven.net/anonbib/#remote-traffic-pets12
 So it seems weird to me to have a warning message on one particular
 situation -- and a situation that seems more of a bug we can actually fix
 -- but not in all the other situations that can be bad too.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16824#comment:41>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

