summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2017-04-05 16:47:55 -0400
committerDavid Goulet <dgoulet@torproject.org>2017-04-10 13:22:36 -0400
commite5fc02c81c39896a31ee8bb3e26659f917322ed1 (patch)
tree462202f31cca3b375b86d91ae8de2f00e73c9ed5
parent01fc93ffef3843a86710718c12ba9be67dcca2bc (diff)
downloadtor-e5fc02c81c39896a31ee8bb3e26659f917322ed1.tar.gz
tor-e5fc02c81c39896a31ee8bb3e26659f917322ed1.zip
config: Warn if EntryNodes and HiddenService are used together
Pinning EntryNodes along with hidden services can be possibly harmful (for instance #14917 and #21155) so at the very least warn the operator if this is the case. Fixes #21155 Signed-off-by: David Goulet <dgoulet@torproject.org>
-rw-r--r--changes/bug211555
-rw-r--r--src/or/config.c14
2 files changed, 19 insertions, 0 deletions
diff --git a/changes/bug21155 b/changes/bug21155
new file mode 100644
index 0000000000..f2a34dbd0f
--- /dev/null
+++ b/changes/bug21155
@@ -0,0 +1,5 @@
+ o Minor bugfixes (hidden service, logging):
+ - Warn user if multiple entries in EntryNodes and at least one
+ HiddenService are used together. Pinning EntryNodes along with an hidden
+ service can be possibly harmful for instance see ticket 14917 or 21155.
+ Closes bug 21155.
diff --git a/src/or/config.c b/src/or/config.c
index 7ae40053ee..809ff499fc 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3510,6 +3510,20 @@ options_validate(or_options_t *old_options, or_options_t *options,
return -1;
}
+ /* Inform the hidden service operator that pinning EntryNodes can possibly
+ * be harmful for the service anonymity. */
+ if (options->EntryNodes &&
+ routerset_is_list(options->EntryNodes) &&
+ (options->RendConfigLines != NULL)) {
+ log_warn(LD_CONFIG,
+ "EntryNodes is set with multiple entries and at least one "
+ "hidden service is configured. Pinning entry nodes can possibly "
+ "be harmful to the service anonymity. Because of this, we "
+ "recommend you either don't do that or make sure you know what "
+ "you are doing. For more details, please look at "
+ "https://trac.torproject.org/projects/tor/ticket/21155.");
+ }
+
/* Single Onion Services: non-anonymous hidden services */
if (rend_service_non_anonymous_mode_enabled(options)) {
log_warn(LD_CONFIG,