Re: [Tails-dev] Please review and test feature/tordate

Borrar esta mensaxe

Responder a esta mensaxe
Autor: anonym
Data:  
Para: The Tails public development discussion list
Asunto: Re: [Tails-dev] Please review and test feature/tordate
10/05/2011 11:18 AM, intrigeri:
>
>> When I noticed this I talked about it with nickm and Sebastian on
>> #tor. The real fix is that Tor should rewrite unverified-consensus
>> into cached-consensus whenever it's reloaded and successfully
>> verified. Until that is fixed it should be safe to do the renaming
>> when Tor is not running.
>
> Ok, great!
>
> I'd like to understand better the "should be safe" assertion.
> Other than valid time, what conditions are needed for Tor to consider
> a consensus as "verified"?


From my skim of the Tor sources it seems:

1. In the beginning of Tor's main, before the loop, we call
router_reload_consensus_networkstatus() (main.c:1809).
2. router_reload_consensus_networkstatus() (networkstatus.c:211) first
tries to load one of the following from disk, in order:
cached-consensus, unverified-consensus,
$PREFIX/share/tor/fallback-consensus(). If none of them exist, it tries
to fetch a new one from the hard coded authorities (config.c:875). No
matter which happens, Tor will do the same thing when loading the
consensus: Make sure it's parseable, and make sure it's "signed enough"
(their wording :)). It seems the name is irrelevant.

If it's of any reassurance, here's the log from the discussion:

(20:42:00) anonym: would it be safe to mv unverified-consensus
cached-consensus?
(20:42:57) Sebastian: yes, while tor isn't running definitely
(20:43:06) nickm: We do re-parse consensuses on load, and re-check
signatures.
(20:43:16) nickm: But I wouldn't do that just to make yourself feel better
(20:43:31) nickm: We don't guarantee that it's safe to do, and it's
probably better to teach Tor to move the file
(20:45:16) Sebastian: is the unverified-consensus file only for debugging?
(20:45:33) nickm: nope
(20:45:40) nickm: We can try loading from it later, I think.
(20:45:54) nickm: But we only use it if we can verify it

>> I guess it will work for now, but the assumption of tor_is_working()
>> will be incorrect when /var/lib/tor is made persistent as we may
>> have a cached-descriptors from a previous Tails run.
>
> Right. This would be worth adding somewhere we'll see it when this
> gets implemented.


To start with I filed a bug for it:

    https://trac.torproject.org/projects/tor/ticket/4187