[tor-bugs] #5229 [Ooni]: ooni-probe/bridget should make sure that random port numbers are not already taken
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Feb 25 15:05:53 UTC 2012
#5229: ooni-probe/bridget should make sure that random port numbers are not
already taken
---------------------+------------------------------------------------------
Reporter: karsten | Owner: hellais
Type: defect | Status: new
Priority: normal | Milestone:
Component: Ooni | Version:
Keywords: | Parent: #5028
Points: | Actualpoints:
---------------------+------------------------------------------------------
Comment(by rransom):
Replying to [comment:4 karsten]:
> Replying to [comment:2 rransom]:
> > The plugin should use `SocksPort auto` and `ControlPort auto`.
>
> That might work, too. We probably don't want to run Tor versions before
0.2.2.26-beta, do we?
Hopefully not. 0.2.1.x is no longer supported, and we have had security
bugfixes on the 0.2.2.x branch since it became stable.
> > > The directory name generation could also be improved, e.g., by using
an internal counter.
> >
> > Or generate a random string containing at least 128 bits of entropy.
(Use a real random number generator for this.)
>
> In theory, there's no need to introduce a random component here. A
single thread creates these directories.
In practice, `datadir_basename =
base64.b32encode(foozerkit.randombytes(16)).lower()` is simpler, and thus
easier and less likely to break, than the non-random approaches you had in
mind. (See my safecookie-python tor-utils branch for the `randombytes`
function if you don't already have one.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5229#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list