From 0c807cf3e48cca5f4f93e8b1082bd62f2978cba4 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Thu, 19 Sep 2013 12:14:07 -0400
Subject: Document that disabledebuggerattachment prevents cores
---
 doc/tor.1.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'doc/tor.1.txt')
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 732a7790d9..d53ff2e695 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -358,7 +358,8 @@ GENERAL OPTIONS
 
 **DisableDebuggerAttachment** **0**|**1**::
 If set to 1, Tor will attempt to prevent basic debugging attachment attempts
- by other processes. It has no impact for users who wish to attach if they
+ by other processes. This may also keep Tor from generating core files if
+ it crashes. It has no impact for users who wish to attach if they
 have CAP_SYS_PTRACE or if they are root. We believe that this feature works on modern Gnu/Linux distributions, and that it may also work on *BSD systems (untested). Some modern Gnu/Linux systems such as Ubuntu have the
--
cgit v1.2.3-54-g00ecf
From f8b44eedf725cadb15c3a0ad1bc5a0fa1dbbc21d Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Tue, 17 Sep 2013 18:05:48 -0400
Subject: Get ready to stop sending timestamps in INTRODUCE cells
For now, round down to the nearest 10 minutes. Later, eliminate entirely by setting a consensus parameter. (This rounding is safe because, in 0.2.2, where the timestamp mattered, REND_REPLAY_TIME_INTERVAL was a nice generous 60 minutes.)
---
 changes/no_client_timestamps_024 | 9 +++++++--
 doc/tor.1.txt | 9 +++++++++
 src/or/config.c | 1 +
 src/or/or.h | 3 +++
 src/or/rendclient.c | 20 +++++++++++++++++++-
 5 files changed, 39 insertions(+), 3 deletions(-)
(limited to 'doc/tor.1.txt')
diff --git a/changes/no_client_timestamps_024 b/changes/no_client_timestamps_024
index 6df530743d..fe8f419273 100644
--- a/changes/no_client_timestamps_024
+++ b/changes/no_client_timestamps_024
@@ -1,5 +1,10 @@
- o Minor features (security):
+ o Minor features (security, timestamp avoidance, proposal 222):
 - Clients no longer send timestamps in their NETINFO cells. These were not used for anything, and they provided one small way for clients to be distinguished from each other as they moved from network to
- network or behind NAT.
+ network or behind NAT. Implements part of proposal 222.
+ - Clients now round timestamps in INTRODUCE2 cells to the nearest
+ 10 minutes. If a new Support022HiddenServices option is set to 0,
+ or if it's set to "auto" and the feature is disabled in the consensus,
+ the timestamp is sent as 0 instead.
+
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index d53ff2e695..ff760d41ab 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1338,6 +1338,15 @@ The following options are useful only for clients (that is, if
 Tor will use a default value chosen by the directory authorities. (Default: -1.)
 
+**Support022HiddenServices** **0**|**1**|**auto**::
+ Tor hidden services running versions before 0.2.3.x required clients to
+ send timestamps, which can potentially be used to distinguish clients
+ whose view of the current time is skewed. If this option is set to 0, we
+ do not send this timestamp, and hidden services on obsolete Tor versions
+ will not work. If this option is set to 1, we send the timestamp. If
+ this optoin is "auto", we take a recommendation from the latest consensus
+ document. (Default: auto)
+
 SERVER OPTIONS
 --------------
 
diff --git a/src/or/config.c b/src/or/config.c
index 4e08f3c3a5..18f1c29501 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -388,6 +388,7 @@ static config_var_t option_vars_[] = {
 V(SSLKeyLifetime, INTERVAL, "0"),
 OBSOLETE("StatusFetchPeriod"),
 V(StrictNodes, BOOL, "0"),
+ V(Support022HiddenServices, AUTOBOOL, "auto"),
 OBSOLETE("SysLog"),
 V(TestSocks, BOOL, "0"),
 OBSOLETE("TestVia"),
diff --git a/src/or/or.h b/src/or/or.h
index 8c6c1e3635..eff5a6d2b4 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4099,6 +4099,9 @@ typedef struct {
 
 /** How long (seconds) do we keep a guard before picking a new one? */
 int GuardLifetime;
+
+ /** Should we send the timestamps that pre-023 hidden services want? */
+ int Support022HiddenServices;
 } or_options_t;
 
 /** Persistent state for an onion router, as saved to disk. */
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 7115bf2080..9d48b9ce99 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -16,6 +16,7 @@
 #include "connection_edge.h"
 #include "directory.h"
 #include "main.h"
+#include "networkstatus.h"
 #include "nodelist.h"
 #include "relay.h"
 #include "rendclient.h"
@@ -127,6 +128,16 @@ rend_client_reextend_intro_circuit(origin_circuit_t *circ)
 return result;
 }
 
+/** Return true iff we should send timestamps in our INTRODUCE1 cells */
+static int
+rend_client_should_send_timestamp(void)
+{
+ if (get_options()->Support022HiddenServices >= 0)
+ return get_options()->Support022HiddenServices;
+
+ return networkstatus_get_param(NULL, "Support022HiddenServices", 1, 0, 1);
+}
+
 /** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
 * down introcirc if possible. */
@@ -238,7 +249,14 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
 REND_DESC_COOKIE_LEN);
 v3_shift += 2+REND_DESC_COOKIE_LEN;
 }
- set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL)));
+ if (rend_client_should_send_timestamp()) {
+ time_t now = (uint32_t)time(NULL);
+ now += 300;
+ now -= now % 600;
+ set_uint32(tmp+v3_shift+1, htonl(now));
+ } else {
+ set_uint32(tmp+v3_shift+1, 0);
+ }
 v3_shift += 4;
 } /* if version 2 only write version number */
 else if (entry->parsed->protocols & (1<<2)) {
--
cgit v1.2.3-54-g00ecf
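Review bot: The comment on the new `Support022HiddenServices` field describes a yes/no question, but config.c registers the option as AUTOBOOL with default "auto" and rendclient.c treats a negative value as "consult the consensus", so the field is three-valued and a reader of or.h alone cannot tell what -1 means. Suggest `/** Should we send the timestamps that pre-023 hidden services want? 1 = yes, 0 = no, -1 = auto (defer to the Support022HiddenServices consensus parameter). */`. The enclosing or_options_t struct starts outside the hunk.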
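Review bot: `rend_client_should_send_timestamp()` calls `get_options()` twice to read the same field; `const or_options_t *options = get_options();` followed by `if (options->Support022HiddenServices >= 0) return options->Support022HiddenServices;` reads more directly. The helper's doc comment says INTRODUCE1 while the changes entry in the same commit says INTRODUCE2; the client-side code here builds INTRODUCE1, so the two descriptions should agree on one name, or the comment should say that the same timestamp reaches the service in the INTRODUCE2 cell. The `1, 0, 1` arguments to `networkstatus_get_param()` (default, minimum, maximum, as far as can be inferred) are worth a short trailing comment so the default-on behaviour is visible at the call site.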
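Review bot: `time_t now = (uint32_t)time(NULL);` puts the cast on the wrong side: the value is narrowed to 32 bits, widened back into a time_t, rounded, and then implicitly narrowed again inside `htonl(now)`. Declaring it with the type the wire field and htonl() actually use, `uint32_t now = (uint32_t)time(NULL);`, makes the truncation explicit once and removes the implicit conversion (and a -Wconversion warning). The `+= 300` / `-= now % 600` pair rounds to the nearest 10 minutes, not down as the commit message says; a one-line comment such as `/* Round to the nearest 10 minutes so the timestamp reveals less about this client's clock; safe because 0.2.2 accepted 60 minutes of skew. */` records the intent and the safety argument from the commit message so the next reader does not "fix" it. The enclosing rend_client_send_introduction() starts and ends outside the hunk.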