[tor-commits] [tor/master] Deprecate some SocksPort sub-options.
nickm at torproject.org
nickm at torproject.org
Sat Aug 20 00:09:56 UTC 2016
commit f3314aa6e1e307467a684f1477e2af1568a728b6
Author: Nick Mathewson <nickm at torproject.org>
Date: Wed Aug 3 12:24:04 2016 -0400
Deprecate some SocksPort sub-options.
---
src/or/config.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/or/config.c b/src/or/config.c
index a5428aa..b6ea089 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -6186,6 +6186,20 @@ config_parse_unix_port(const char *addrport, char **path_out)
}
#endif /* defined(HAVE_SYS_UN_H) */
+static void
+warn_client_dns_cache(const char *option, int disabling)
+{
+ if (disabling)
+ return;
+
+ warn_deprecated_option(option,
+ "Client-side DNS cacheing enables a wide variety of route-"
+ "capture attacks. If a single bad exit node lies to you about "
+ "an IP address, cacheing that address would make you visit "
+ "an address of the attacker's choice every time you connected "
+ "to your destination.");
+}
+
/**
* Parse port configuration for a single port type.
*
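Review bot: `warn_client_dns_cache()` is added without a doc comment, and the meaning of its `disabling` argument is only clear once you see that the call sites in the second hunk pass the parser's `no` flag. A short header such as `/** Warn that the client DNS-cache sub-option "option" is deprecated, unless "disabling" is true (the option is being switched off). */` would make the early return self-explanatory. The user-facing message also spells the word "cacheing" twice; "caching" is the usual spelling and the one an operator is likely to search logs for.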
@@ -6554,21 +6568,27 @@ parse_port_config(smartlist_t *out,
}
}
if (!strcasecmp(elt, "CacheIPv4DNS")) {
+ warn_client_dns_cache(elt, no);
cache_ipv4 = ! no;
continue;
} else if (!strcasecmp(elt, "CacheIPv6DNS")) {
+ warn_client_dns_cache(elt, no);
cache_ipv6 = ! no;
continue;
} else if (!strcasecmp(elt, "CacheDNS")) {
+ warn_client_dns_cache(elt, no);
cache_ipv4 = cache_ipv6 = ! no;
continue;
} else if (!strcasecmp(elt, "UseIPv4Cache")) {
+ warn_client_dns_cache(elt, no);
use_cached_ipv4 = ! no;
continue;
} else if (!strcasecmp(elt, "UseIPv6Cache")) {
+ warn_client_dns_cache(elt, no);
use_cached_ipv6 = ! no;
continue;
} else if (!strcasecmp(elt, "UseDNSCache")) {
+ warn_client_dns_cache(elt, no);
use_cached_ipv4 = use_cached_ipv6 = ! no;
continue;
} else if (!strcasecmp(elt, "PreferIPv6Automap")) {
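Review bot: The six added `warn_client_dns_cache(elt, no)` calls only log; the assignments right after them still set `cache_ipv4`, `use_cached_ipv4` and the other flags, so a configuration that sets e.g. `CacheDNS` keeps the behaviour the warning describes as enabling route-capture attacks. That is a reasonable first deprecation step, but it is worth saying so at the call sites, for example `/* Deprecated: still honored for now; warn_client_dns_cache() only logs. */` above the first branch. The helper is also given only `elt`, so unless warn_deprecated_option() adds context that is not visible here, the log line will not say which port line carried the sub-option, and it may repeat if the same configuration is parsed more than once. The body of parse_port_config starts and ends outside this hunk.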