[tor-bugs] #32088 [Core Tor/Tor]: Proposal 310 - choose guards in sampled order
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 7 11:08:08 UTC 2020
#32088: Proposal 310 - choose guards in sampled order
--------------------------------------+------------------------------------
Reporter: Jaym | Owner: (none)
Type: enhancement | Status: needs_review
Priority: Medium | Milestone: Tor: 0.4.4.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-spec prop271 prop310 | Actual Points:
Parent ID: | Points:
Reviewer: nickm | Sponsor:
--------------------------------------+------------------------------------
Comment (by teor):
Replying to [comment:14 Jaym]:
> The pull request has been updated.
>
> On loading, Tor sets the sampled_idx to the confirmed_idx. That should
keep older clients to behave the same (and not reordering primary guards).
On the next state save, the sampled_idx should be made dense.
>
> Also, the patch applies now ordering when it seems necessary (a couple
of redundant orderings have been removed).
Thanks!
> Also, I was concerned by the fact that Tor assumes integrity of the
state when loading it. If some application has write access to this file,
making the client rotate guards until a chosen one is found shouldn't be
too much of a hard task. Is that kind of threat relevant?
An attacker who can modify files on the local system could do many worse
things. So those attacks are not really part of tor's threat model. To
defend against those kinds of attacks, people should use an amnesiac
system like TAILS.
File corruption is a risk, though. And tor could detect file corruption
earlier with checksums. But that's a different ticket :-)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32088#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list