Tor should truncate log file if loglevel < notice
A lot of relay operators run tor from git for various reasons. These relay operators don't get the advantage of distribution log rotation, and can unknowingly leave tor running at low log level for long periods while running test branches. In some cases, SafeLogging may also be disabled.
Presumably, since they are running git, they are upgrading often. Based on this assumption, an easy fix should be to just change the default log file open mode from O_APPEND to O_TRUNC if the loglevel is below notice, and/or if SafeLogging is off.
Of course, a better fix is to implement our own log rotation. I don't think the corner case is that important. It is a non-default config that makes it risky** in the first place.
Thanks to Marcia Hofmann @ EFF for pointing this out.
** (The reason it is risky is not because logs are terribly dangerous to anonymity in their current form, but more so because logs can be such a false path due to the multiplexing of circuits over TLS.)
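
The open-mode change proposed above, as an added sketch that is not Tor's own code: it picks the `open(2)` flags from the minimum severity and the SafeLogging setting, and shows that a later restart at notice appends again, so verbose lines survive until the next truncating start. The severity enum, function names, file path and 0600 mode are assumptions made for this example.

```c
#include <fcntl.h>
#include <stdbool.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical severity scale for this sketch; lower value = more verbose. */
enum sev { SEV_DEBUG, SEV_INFO, SEV_NOTICE, SEV_WARN, SEV_ERR };

/* Pick open(2) flags per the ticket's proposal: truncate when the log is
 * more verbose than notice, or when SafeLogging is off. O_APPEND is kept
 * so writes after the truncation still go to the end of the file. */
int log_open_flags(enum sev min_sev, bool safe_logging)
{
    int flags = O_WRONLY | O_CREAT | O_APPEND;
    if (min_sev < SEV_NOTICE || !safe_logging)
        flags |= O_TRUNC;   /* discard whatever the previous run left behind */
    return flags;
}

/* Open the log, write one line, return the resulting file size (-1 on error). */
long log_one_line(const char *path, enum sev min_sev, bool safe_logging,
                  const char *line)
{
    int fd = open(path, log_open_flags(min_sev, safe_logging), 0600);
    if (fd < 0)
        return -1;
    size_t len = strlen(line);
    struct stat st;
    long size = -1;
    if (write(fd, line, len) == (ssize_t)len && fstat(fd, &st) == 0)
        size = (long)st.st_size;
    close(fd);
    return size;
}

int main(void)
{
    const char *path = "demo-tor.log";          /* constructed sample path */
    unlink(path);
    log_one_line(path, SEV_NOTICE, true, "notice run 1\n"); /* new file */
    log_one_line(path, SEV_NOTICE, true, "notice run 2\n"); /* appended */
    log_one_line(path, SEV_DEBUG, true, "debug run\n");     /* truncated first */
    log_one_line(path, SEV_NOTICE, true, "notice run 3\n"); /* debug line remains */
    unlink(path);
    return 0;
}
```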