Commit e5fc02c8 authored by David Goulet's avatar David Goulet 🐼
Browse files

config: Warn if EntryNodes and HiddenService are used together



Pinning EntryNodes along with hidden services can be possibly harmful (for
instance #14917 and #21155) so at the very least warn the operator if this is
the case.

Fixes #21155

Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
parent 01fc93ff
Loading
Loading
Loading
Loading

changes/bug21155

0 → 100644
+5 −0
Original line number Diff line number Diff line
  o Minor bugfixes (hidden service, logging):
    - Warn user if multiple entries in  EntryNodes and at least one
      HiddenService are used together. Pinning EntryNodes along with an hidden
      service can be possibly harmful for instance see ticket 14917 or 21155.
      Closes bug 21155.
+14 −0
Original line number Diff line number Diff line
@@ -3510,6 +3510,20 @@ options_validate(or_options_t *old_options, or_options_t *options,
    return -1;
  }

  /* Inform the hidden service operator that pinning EntryNodes can possibly
   * be harmful for the service anonymity. */
  if (options->EntryNodes &&
      routerset_is_list(options->EntryNodes) &&
      (options->RendConfigLines != NULL)) {
    log_warn(LD_CONFIG,
             "EntryNodes is set with multiple entries and at least one "
             "hidden service is configured. Pinning entry nodes can possibly "
             "be harmful to the service anonymity. Because of this, we "
             "recommend you either don't do that or make sure you know what "
             "you are doing. For more details, please look at "
             "https://trac.torproject.org/projects/tor/ticket/21155.");
  }

  /* Single Onion Services: non-anonymous hidden services */
  if (rend_service_non_anonymous_mode_enabled(options)) {
    log_warn(LD_CONFIG,