[tor-commits] [tor/master] Fix #5584 - raise awareness of safer logging - warn about potentially unsafe config options

Mon Jun 24 15:22:55 UTC 2013

commit 10480dff01bece13fabb1d81fa847f95c3e839f0
Author: Marek Majkowski <marek at popcount.org>
Date:   Thu Jun 13 17:29:14 2013 +0100

    Fix #5584 - raise awareness of safer logging - warn about potentially unsafe config options
---
 changes/bug5584 |    4 ++++
 src/or/config.c |   15 +++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/changes/bug5584 b/changes/bug5584
new file mode 100644
index 0000000..a81be00
--- /dev/null
+++ b/changes/bug5584
@@ -0,0 +1,4 @@
+  o Minor features:
+    - Raise awareness of safer logging - notice user of potentially
+      unsafe configuration options: logging above "notice" or
+      clearning SafeLogging flag. Fixes #5584.
diff --git a/src/or/config.c b/src/or/config.c
index e3ffbf2..09cbdcf 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1005,6 +1005,7 @@ options_act_reversible(const or_options_t *old_options, char **msg)
   int set_conn_limit = 0;
   int r = -1;
   int logs_marked = 0;
+  int old_min_log_level = get_min_log_level();
 
   /* Daemonize _first_, since we only want to open most of this stuff in
    * the subprocess.  Libevent bases can't be reliably inherited across
@@ -1153,6 +1154,13 @@ options_act_reversible(const or_options_t *old_options, char **msg)
     control_adjust_event_log_severity();
     tor_free(severity);
   }
+  if (get_min_log_level() >= LOG_INFO &&
+      get_min_log_level() != old_min_log_level) {
+    log_warn(LD_GENERAL, "Your log may contain sensitive information - you're "
+             "logging above \"notice\". Please log safely. Don't log unless "
+             "it serves an important reason. Overwrite the log afterwards.");
+  }
+
   SMARTLIST_FOREACH(replaced_listeners, connection_t *, conn,
   {
     log_notice(LD_NET, "Closing old %s on %s:%d",
@@ -1335,6 +1343,13 @@ options_act(const or_options_t *old_options)
   }
 #endif
 
+  if (options->SafeLogging_ != SAFELOG_SCRUB_ALL &&
+      (!old_options || old_options->SafeLogging_ != options->SafeLogging_)) {
+    log_warn(LD_GENERAL, "Your log may contain sensitive information - you "
+             "disabled SafeLogging. Please log safely. Don't log unless it "
+             "serves an important reason. Overwrite the log afterwards.");
+  }
+
   if (options->Bridges) {
     mark_bridge_list();
     for (cl = options->Bridges; cl; cl = cl->next) {

