[tor-bugs] #29989 [Core Tor/Tor]: Add a flag to set chosen_exit_optional to false for MapAddress torrc option (and controller?)

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 10 05:11:23 UTC 2019 

#29989: Add a flag to set chosen_exit_optional to false for MapAddress torrc option
(and controller?)
-------------------------------------------------+-------------------------
 Reporter:  babyfarkmcgeezaxxon                  |          Owner:  (none)
     Type:  enhancement                          |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.3.5.8
 Severity:  Normal                               |     Resolution:
 Keywords:  security-low?, tor-client, tor-exit  |  Actual Points:
Parent ID:                                       |         Points:  1
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 Hi,

 It seems like you're really frustrated.
 I understand your concerns about this missing documentation and feature in
 Tor.

 But we've all been pretty busy lately, so it's been hard to respond to
 everything.
 We've had a lot of bugs to fix, and features to implement.
 And many of them have been more important than this ticket.

 Please be patient with us.

 And please try to keep your focus on helping us fix the issue.
 Telling us how to do our jobs, doesn't actually help us do our jobs.
 And if we have to read through a bunch of unrelated information, then it's
 harder for us to work out what needs to be done.

 Replying to [comment:6 babyfarkmcgeezaxxon]:
 > I make a living fixing bugs.  We don't require a stack trace unless we
 are having trouble reproducing the issue.  In this case, have TOR devs
 made any attempt to reproduce it?  I suspect it's very easily reproducible
 using the instructions I gave.

 I didn't ask for a stack trace, I asked for your logs, so I could confirm
 what your tor client was doing:

 > > We'll need to see your tor logs to work out what's going on here.

 I don't know which operating system you're using, so there are a few
 different places your logs could be.

 But if you're using a Unix variant, they might be in /var/log/tor/log.
 Or they might just be in your syslog.
 It depends on the tor package you're using.

 > Why can't I manually specify an exit node that was selected by ayefiles?
 We know those nodes are allowed to connect to ayefiles.  What is going on
 here?  This seems like a serious issue, but no TOR dev is responding to
 it?

 I last responded less than a week ago, with a diagnosis, a fix, and a
 request for more information.
 We just don't have the capacity to respond more frequently right now.

 > What I'm not understanding is TOR must be involved in the selection of
 the exitnode, so how does ayefiles allow a particular node when it picks
 it, but not when I select it?  And how is it "picking it" in the first
 place?  This is very maddening that I can't force the use of the very exit
 node that I saw a website using.

 I offered a diagnosis in my first comment:

 > > It looks like you want chosen_exit_optional set to false, but we don't
 have a torrc option flag for that yet.

 And then asked for your logs, so I could confirm the issue.

 I also changed the title of the ticket to a feature request, which is what
 you asked for in the ticket description:

 > Finally, if for some reason this is "expected behavior" (though I can't
 fathom how) please change this to a feature request to add a way to
 specify a single exit node in a similar way to MapAddress, except that
 can't be hacked.

 I've opened #30110 for the torrc MapAddress, and #30111 for the control
 port MapAddress.
 I don't know when we'll implement these features.
 They're not requested very often, so it might take us some time.

 > I thought I'd get this fixed or at least a great explanation of the
 problem when I managed to describe explicitly how to reproduce it, but
 now, nothing, except how to access DDG through onion.

 This is a public bug tracker. Anyone can post here.

 In particular, the cypherpunks account is a shared anonymous account, so
 those comments may or may not be from a Tor developer.

 You also got a reasonable answer on StackExchange:

 > > > StrictNodes does not apply to ExitNodes

 https://tor.stackexchange.com/a/19648/23691

 But unfortunately, the StackExchange commenter did not know that there is
 no StrictNodes equivalent for MapAddress, and the default action for
 MapAddress is to find another working exit. That's understandable, because
 it's not documented in the man page.

 I opened #30109 so we document this behaviour in the man page.
 We should be able to update the documentation soon.

 In general, Tor tries to use the nodes configured by the operator, but
 will fall back to using a random, working node. Sometimes we have "strict"
 options that tell Tor to fail if it can't use those exact nodes. But we
 usually don't do strict by default, because users get confused and stop
 using Tor.

 Also, we have removed some similar node-choosing options in the past,
 because using a restricted set of nodes tends to compromise user
 anonymity. Which is another reason to fall back to a working node.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29989#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list