The Tor Project / Core / Tor / Issues / #19060
Created May 15, 2016 by teor@teor

Should SafeLogging hide bridge IP addresses in logs?

Bridge relay operators sometimes post logs containing their bridge's IP address.

We could make this less likely by making SafeLogging 1 (the default) filter bridge IP addresses in messages like:

  • "Your server (%s:%d) has not managed to confirm that its ORPort is reachable" ...
  • "Your server (%s:%d) has not managed to confirm that its DirPort is reachable" ...
  • "Now checking whether ORPort %s:%d"...
  • "and DirPort %s:%d"
  • anything else that lists a bridge's IP or fingerprint

This could be implemented by creating safe_str_bridge and escaped_safe_str_bridge similar to safe_str and escaped_safe_str, but with a check if BridgeRelay is 1 as well. It would also need a tor manual page update that says that we escape bridge information when SafeLogging is anything besides "0".

Or, we could add "bridge" to the options for SafeLogging, but that seems over-complicated, because we'd have to define 1 vs relay vs bridge semantics in a way that makes sense.
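
A stand-alone C sketch of the safe_str_bridge idea proposed above, added here as an illustration; it is not Tor's code and not from the issue author. The options struct, the enum names and format_orport_warning are hypothetical, and the address is a constructed documentation-range value.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the two torrc options involved:
 * SafeLogging (0, 1 or relay) and BridgeRelay (0 or 1). */
typedef enum { SAFELOG_NONE = 0, SAFELOG_ALL = 1, SAFELOG_RELAY = 2 } safelog_t;
typedef struct { safelog_t safe_logging; int bridge_relay; } model_options_t;

/* Proposed helper: scrub only when this instance is a bridge and
 * SafeLogging is anything besides 0. A non-bridge relay's address
 * is returned unchanged. */
static const char *
safe_str_bridge(const model_options_t *opt, const char *address)
{
  if (opt->bridge_relay && opt->safe_logging != SAFELOG_NONE)
    return "[scrubbed]";
  return address;
}

/* Build the ORPort reachability warning quoted in the issue, passing the
 * address through safe_str_bridge first. Returns snprintf's result. */
static int
format_orport_warning(const model_options_t *opt, const char *addr,
                      int port, char *out, size_t outlen)
{
  return snprintf(out, outlen,
      "Your server (%s:%d) has not managed to confirm that its ORPort "
      "is reachable", safe_str_bridge(opt, addr), port);
}

int main(void)
{
  /* Constructed sample: 192.0.2.10 is a documentation-range address. */
  const model_options_t cases[] = {
    { SAFELOG_ALL, 1 },   /* bridge, default SafeLogging 1 */
    { SAFELOG_RELAY, 1 }, /* bridge, SafeLogging relay */
    { SAFELOG_NONE, 1 },  /* bridge, SafeLogging 0 */
    { SAFELOG_ALL, 0 },   /* public relay, SafeLogging 1 */
  };
  char buf[160];
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
    format_orport_warning(&cases[i], "192.0.2.10", 9001, buf, sizeof buf);
    printf("SafeLogging=%d BridgeRelay=%d: %s\n",
           (int)cases[i].safe_logging, cases[i].bridge_relay, buf);
  }
  return 0;
}
```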
