[tor-bugs] #32794 [Core Tor/Tor]: improve OOS (out-of-sockets) handler victim selection and more
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 6 20:23:03 UTC 2020
#32794: improve OOS (out-of-sockets) handler victim selection and more
--------------------------+------------------------------------
Reporter: starlight | Owner: (none)
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.4.3.x-final
Component: Core Tor/Tor | Version: Tor: 0.4.2.5
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: nickm | Sponsor:
--------------------------+------------------------------------
Comment (by nickm):
Hi! I have some comments on the code, but before I get to them, we should
talk about the approach.
The new algorithm seems to be
1. Always keep OR-to-OR connections; always keep directory connections.
Only inspect client-to-guard and exit connections.
2. When discarding connections, discard those that were created most
recently.
Is that right? If so, I wonder if there is some way that attacker can
exploit this by making a bunch of directory connections, if our directory
port is open. Maybe we should consider CONN_TYPE_DIR as well.
I also wonder if the attacker can reduce our number of available sockets
by simply attempting a socket exhaustion attack. We'll kill off some of
their connections, but we won't kill them all. If the attacker preserves
the ones that we don't kill, they will always survive instead of any newer
connections that we receive in the future. Can we do any better than
this?
(Once we're in agreement here, we should describe the algorithm we want to
follow in a patch to tor-spec.txt, so that the correct behavior is
documented.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32794#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list