[tor-bugs] #27416 [Core Tor/Tor]: Improve descriptor validation in Tor using Stem

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 4 18:07:49 UTC 2018 

#27416: Improve descriptor validation in Tor using Stem
--------------------------+----------------------------------
 Reporter:  teor          |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  tor-dirauth   |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+----------------------------------

Comment (by atagar):

 > But the parsing check *still* won't be enough to catch all spec-
 implementation divergences. And that's ok. Sometimes we fix the spec,
 sometimes with fix tor, and sometimes we fix other parsers.

 Yup. Agreed. :P

 > Running stem as an essential part of dirauth operation is a significant
 change in tor's security model. It would require a proposal.

 Agreed, on reflection we shouldn't. In essence there's two directions we
 can take: use stem's validators to **notify (file tickets)** or **enforce
 (block malformed descriptors)**. We do the former nowadays, and should not
 do the later without a lot of thought.

 > If the checks are safe to make public, then send them to tor-consensus-
 health, or create another list.

 Will do! They're safe, the only reason I don't send them to the list is
 because I'm the only person that would likely act upon them. Happy to give
 it a shot.

 There's a few spots where I've created automated notifications that follow
 a certain pattern...

 1. X commonly breaks.

 2. I create a monitor to email me when X occurs.

 3. When X occurs I file a ticket with the network team.

 Honestly malformed descriptors are pretty minor pain point for me. They're
 rare (one crops up every couple months?). I'll give tor-consensus-health@
 a shot, but I have a sinking suspicion I'll still need to file tickets to
 get traction.

 Another more common annoyance for me are tor regressions. Every couple
 weeks the following occurs...

 1. Tor pushes a regression.

 2. Stem's Jenkins test failures email me.

 3. I wait a few days to see if it gets fixed.

 4. When it becomes clear a fix isn't coming I pull and compile the new tor
 codebase.

 5. I reproduce the test failure locally and construct reproduction steps
 that use telnet to take Stem out of the loop.

 6. I file a ticket with the network team to get it addressed.

 To the network team's credit their responsiveness when we get to #6 is
 **fantastic**. Only trouble is that I'd like to take myself out of the
 loop on these both (tor regressions and malformed descriptors).

 For malformed descriptors I'll give tor-consensus-health@ a shot, and
 reopen this if I still need to file a ticket.

 As for tor regressions I've asked the Network team to run tor's stem test
 target prior to pushing but no dice so far. Just dealt with another this
 morning (#27446). Any thoughts on how we can drop me from the loop on
 these?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27416#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list