IP address is not scrubbed in info logs, channel_tls_process_netinfo_cell() AND manpage for SafeLogging overgeneralizes
Here's a log snippet from an
info log I was manually reviewing to scrub before sharing.
[info] channel_tls_process_netinfo_cell(): Got good NETINFO cell from [scrubbed]:443; OR connection is now open, using protocol version 5. Its ID digest is <redacted>. Our address is apparently <redacted>.
In the above,
<redacted> is my notation;
[scrubbed] is from SafeLogging.
(I'm not sure I had to redact the digest, but was just being conservative.)
SafeLogging 1 was set (default).
asn mentioned on #tor-dev that he thinks this is a bug. Some brief notes from asn:
"" : fmt_and_decorate_addr(&my_apparent_addr)); hm yeah that's I think a bug it should be safe_str_client() so weird that no one has mentioned htis before
It's worth noting the manpage for
... If this option is set to 0, Tor will not perform any scrubbing, if it is set to 1, all potentially sensitive strings are replaced. ...
arma advocated for a different resolution:
if i were filing this ticket i would file a "scale back safelogging claims in the man page" ticket :)
(My preference is to scrub the IP address, but I also acknowledge the rabbit hole of trying to scrub anything "sensitive", especially in info/debug logs)