IRC Archive / Oftc / #tor / 2010 / February / 26 / 1
nsa
or: Nick Mathewson <nickm@torproject.org>: 2010-02-25 22:00:14 [tor/master]: For integers, if !(E<G), then we can infer that E>=G.
or: Nick Mathewson <nickm@torproject.org>: 2010-02-25 22:02:02 [tor/master]: add .exe files to gitignore
outofwords
Why "directory-footer" isn't token like T01("directory-footer", K_FOOTER_DIR, NO_ARGS, NO_OBJ)
NemesisD
nickm: i have not, this is my first exercise in socket programming tbh
im probably missing some sort of write close method for ruby's socket library but the stdlibs that do OS level stuff are horribly documented
mikeperry
outofwords: because it only marks the start of the footer region. We don't need to actually parse any of its arguments as a keyword value
nickm: what do you think about that choice? should it have still been present in the parsing table for completeness?
outofwords
NO_ARGS
it must be token, it's control item
nickm
mikeperry: Generally it's cleaner IMO to leave stuff in the table than not.
mikeperry
nickm: which table should it go in then?
nickm
whatever one we actually use to parse vote/consensus footers
networkstatus_vote_footer_token_table looks promising
(Action) has to run off for a while; online later tonight
mikeperry
ok
I've got a diff for the footer token thing
I'll push it out in 1 sec, then I gotta take off for a bit too
ok, mikeperry/dirfooter
outofwords
then find_start_of_next_routerstatus() should not increment pointer to len of "directory-footer", and that token need to be find_by_keyword()
and mainly need to choice one of: or networkstatus_parse_vote_from_string() should checks for K_CONSENSUS_METHOD and presence of K_DIRECTORY_FOOTER, or find_start_of_next_routerstatus() must returns min(pointer_to_r, pointer_to_footer, pointer_to_signature)
right now find_start_of_next_routerstatus() is timebomb, fortunately time works for us.
or not for us, huh eos2 += strlen("\ndirectory-footer"); where last '\n'? I can append any number or statuses to #8 method consensus.
ah no. thats right. but appends of bw numbers can happens.
Here my exploit, takes one #8 consensus append directory-footer, bandwidth-weights with those bunches of bw#$@ eq 0, all signatures. send it to client, it crashes. if all auths upgrades, then client with such code still affected without non modified current_consensus.
if attacker a little smarter than number can be precomputed, the same way as all statuses sorted and determinated in memory.
houston ping ping, my fuel is out.
formalist
older versions of tor require "authenticate" to have an argument.
viz. 'authenticate ""'
(for null)
Karalyn
Can someone tell me where I can find instructions on using MIRC through Vidalia proxy?
nsa
or: sebastian committed revision 21757 (/projects/todo): backport fixes for 1254, 1255, 1256
or: sebastian committed revision 21758 (/projects/todo): should we backport the weight routers by bw fix?
or: Nick Mathewson <nickm@torproject.org>: 2010-02-26 06:02:20 [tor/master]: Don't believe unauthenticated info in a consensus.
or: sebastian committed revision 21759 (/projects/todo): add notes that arma thinks we shouldn't weight all circuits by bandwidth
outofwords
man, 1e1d471002c976477919b2e41fbe62457998e5c0 is kludge for bugged find_start_of_next_routerstatus(). what happened to devs?
mikeperry
outofwords: we concluded that the problem was a signature verification one, not the \n issue
it was hard to decipher what you meant, and you disappeared
outofwords
next step is declare footer as T1N with GE(0)
but now you treat footer as bug
min(all not of null pointers) still valid
I mean find_start_of_next_routerstatus() must be rewritten with 1e1d471002c976477919b2e41fbe62457998e5c0
nickm
outofwords: I don't understand what you are saying
mikeperry
which is to say we don't believe you are wrong, we just need help crossing the apparent language barrier
nickm
mikeperry: you mean "which is _not_ to say", surely?
mikeperry
"which is not to say we believe you are wrong, we just need help crossing the apparent language barrier"
outofwords has been right most of the time so far, I was giving him the benefit of the doubt :)
outofwords
hah 1e1d471002c976477919b2e41fbe62457998e5c0 still bypasses modified consensus.
nickm
Do you mean, "There is still a way to modify a consensus and have the signature get accepted as valid"?
If so, how?
oh.
Maybe I get it.
outofwords
it's worse. it's brokes all K_DIRECTORY_SIGNATURE is T() and you treat it like only GE(1)
nickm
huh?
mikeperry
I think he might mean the \n is causing it to absorb an extra argument? though I don't see how
sebastian
we also segfault during parsing with the latest commit on master
outofwords
no
"it's brokes all"
nickm
"it's brokes all" makes no sense in English
I don't know what you mean
"Everything is broken" ?
"It breaks everything"
?
sebastian
(branch segfault in my repo has the trivial fix)
nsa
or: Sebastian Hahn <sebastian@torproject.org>: 2010-02-26 07:00:56 [tor/master]: Don't segfault when checking the consensus
mikeperry
outofwords: we may need to resort to either an example consensus that could break the code, or a patch
outofwords
now it's always warns
for valid consensus even
nickm
I'm running the code, and it doesn't warn for me. What warnings are you seeing?
(Action) needs to sleep soon. I should be awake in less than 6 hours
mikeperry, sebastian: please let me know what you can figure out here, especially if it includes a patch
mikeperry
I will do my best
sebastian
same here
hm.
nickm
(Action) needs to spend more time in a time zone several hours to the west
good night
sebastian
rest well
mikeperry
tears, he's gone
outofwords, that is
sebastian
yeah
that's my "hm." ;)
mikeperry
ah, I ignore joins, parts and quits
outofwords
now it warns with valid #9 consensus, isn't?
mikeperry
how are you determining this? where does it warn?
outofwords
(Action) determinates it in brain
mikeperry
ok cool, where does it warn?
outofwords
"Extraneous token after first directory-signature"
if no warns, then it's useless anyway
mikeperry
it should only warn if there is extra stuff after the directory-signature that isn't signed
which should not happen via the authorities, and should only happen via a MITM
outofwords
but find_start_of_next_routerstatus() returns pointer to faked footer, so tokenize() and next checks will find a "valid" sequence of tokens.
directory mirror do not needs mitm
client parses #8 with such code right now.
mikeperry
are you saying that the \n causes us to insert an extra token with K_OPT or some other bad keyword?
that then always causes the warn?
outofwords
no, please forgot '\n'
imagine client and #8 with appended footer of #9
sebastian
am I stupid, or does the code nickm added not work at all? The "else if" should make this never happen.
(What I mean is, doesn't the code never warn?)
ah, heh.
yeah, I'm stupid.
outofwords
sebastian: it works if sequence of tokens is broken
sebastian
outofwords: yeah, I messed it up in my head ;)
outofwords
but it useless anyway
mikeperry
outofwords: can you pastebin a sample consensus like you're talking about? I'm having a hard time guessing which fields from the footer of #9 should be included where in the #8 document
it doesn't have to be a full one, just the relevant fields in the right order
nsa
or: Karsten Loesing <karsten.loesing@gmx.net>: 2010-02-26 07:37:48 [ernie/master]: Don't break when reading corrupt file.
mikeperry
I am getting tired. it's getting harder for me to work through this code and also try to guess exactly what you mean at the same time
sebastian
outofwords: so you spoke about find_start_of_next_routerstatus(). Is that broken even when the consensus is valid?
outofwords
ok, after auths will produce #9 it all become harmless. (if no real mitm). no need panic, waits till that moment.
sebastian
Well, we should be resilient to real mitm
mikeperry
oh, hrmm... I think I at least see what you might have meant
sebastian
enlighten me?
mikeperry
well he's talking about a new client running master that receives a #8 consensus that is altered by inserting a directory-footer string somewhere
outofwords
yeah.
mikeperry
I still am trying to figure out where it could be inserted to cause us to break. I am really tired and could really use an example consensus
even a 3 line one
just to get the ordering right
sebastian
ah. I thought we were talking about strictly valid consensuses only atm
outofwords
(Action) properly messed all stuff
sebastian
I guess I should spend more time with the spec and consensus parsing -.-
mikeperry
I still don't see how this will cause us to break. at worst it could cause us to ignore a weight line or some other junk that might get thrown in there
before the inserted directory-footer line
outofwords: I really would like to go to sleep soon. can you please provide a 3-4 line example consensus that breaks us here?
outofwords
if all Wd* = 0 then weighted_bw = 0, and it asserted during crypto_rand_uint64(). but 0 is simplest harms.
mikeperry
I am not going to make it much longer
it seems like we should ignore that though
unless there is some ordering that causes us to parse and compute it
I don't see it though
outofwords
that because find_start_of_next_routerstatus() is kludge. it's very difficult to parse all consensus stuff by human.
mikeperry
yeah. I dislike that function too. it's doing too much
ok, so I think I see how we could be fooled into also parsing the weight line
but the signature should then fail before we do anything with the weights, right?
outofwords
no
mikeperry
the signature will still be computed for everything up to directory-signature
outofwords
faked footer doesn't affect hash
[#8 consensus]+"\ndirectory-footer\n"+"bandwidth-weights Wgg=0\n"+all_signatures
mikeperry
ah, so it's after the last directory-signature from #8.
yah
that's what I was looking for
that makes sense
the all_signatures could even be garbage signatures
outofwords
no it's must be valid
mikeperry
oh, valid #8 signatures
man I'm tired. maybe I should become nocturnal again
outofwords: thanks. I've relayed that to nick to see if he has a good plan to clean up find_start_of_next_routerstatus() and break out that footer delimiter into a proper keyword whose position is verified
ultramage
ah, the joys of parsing
konss
d
anyone know how to make text larger in pidgin?
the obvious way through options does not work
sebastian
konss: you might want to try a pidgin support channel. This is #tor ;)
konss
i can not
because the bastards are on the freenode
and freenode hates tor because it prevents people from being tracked
ultramage
google pidgin make text larger ?
or text size
you could also use some web-portal thingy that allows tor (maybeh)
ah, he left -.-
grumpy3
hi everybody!
is it bad?
16:35:19 [WARN] Can't return context-sensitive 'HiddenServicePort' on its own
16:35:19 [WARN] Can't return context-sensitive 'HiddenServiceDir' on its own
got that yesterday after a reboot of the node
dun
are you using arm?
or any other tool for querying your node using control-spec?
sebastian
grumpy3: no, it's not bad. It's an arm bug
grumpy3
yes, using arm. Okay thanks :)
sebastian
grumpy3: I think a new fix should be in svn already
erm, s/new//
grumpy3
ok thanks, have to update it
outofwords
a tokens of dir_key_certificate_table must be sanitized too, so K_DIR_KEY_CERTIFICATE_VERSION need define as T1_START and K_DIR_KEY_CERTIFICATION as T1_END
"At start, exactly once." "At end, exactly once." 3.1 dir-spec.txt
dir-address can be appended to cert right now, if no valid one.
ah, can it broke votes?
CERTIFICATE_MEMBERS was inserted at networkstatus_token_table. start and end brokes votes. fatal error.
hisuiIBMPower4
hello!anyone here?
is the get bridge services down?
Pr3nt1c3
Ok, I've read through the install twice, and downloaded everything. I've set up my keys, and the repos. Last time I tried the install I ended up somehow blocking my own 'net conn. anyone got time to assist?
to keep it simple (and hopefully less n--b) I figure I either need to set some IP tables (which I'm clueless about) or I need to learn how to configure my firewall properly with a proxy (clueless)
hisuiIBMPower4
find a copy of torpotable no need for install
Pr3nt1c3
I'll look into it... thx
hisuiIBMPower4
btw do u use router?
bigstonebang
Phobos I have been looking to download polipo in a separate package. I was wondering what is the difference between the packages you provided on http://www.pps.jussieu.fr/~jch/software/polipo/
particularly what do you mean by "forbidden" and "with mods"
dr|z3d
The forbidden variant of polipo comes with a rudimentary site blacklist feature.
As for "with mods", I'll hazard a guess and suggest that might me chrisd's enhancements.
s/me/be
Pr3nt1c3
oh, and on last install I somehow ended up with both privoxy and polipo
that was prob's the issue eh?
just checked my logs
dr|z3d
Quite probably; they both listen on 8118.
(at least the Tor variant of Polipo does)
Pr3nt1c3
(Action) has been checking logs for >>15mins now
dr|z3d
What's listening on 8118 now Pr3nt1c3?
Pr3nt1c3
nothing.... it's closed
wanted to figure it out before I began it all again
dr|z3d
If you need to run both, make sure one of them doesn't listen on 8118. Polipo by default ran on 8123 until it got tor'd.
Pr3nt1c3
I appreciate that historical tidbit... now I can run both!
(Action) is glad we're not living in the good old days http://home.claranet.nl/users/pb0aia/vax/index.html
so I guess I should keep polipo on 8118 and move privoxy to 8123
outofwords
heh. found kludges that prevents faked cert. why need general of t1_start if we can strcmp it "manually" every time. amen.