Commit Graph

684 Commits

Author SHA1 Message Date
Nick Mathewson
35892075d0 Edit section 2, compress section 3.
I still need to turn the list of attacks into a paragraph or two
before I move from 3 onto 4.


svn:r690
2003-10-30 00:24:53 +00:00
Paul Syverson
253f60d051 UPdated hostile user assumptions. Other little things.
svn:r689
2003-10-29 11:31:52 +00:00
Roger Dingledine
609edb5108 more work
svn:r688
2003-10-28 21:55:38 +00:00
Paul Syverson
f6eb16e479 A few changes to related work before heading back to CCS.
svn:r687
2003-10-28 11:29:46 +00:00
Paul Syverson
0c9bce8c88 A few tiny tweaks.
svn:r686
2003-10-27 12:05:35 +00:00
Roger Dingledine
5d48aa622a patch the README more for new routers
svn:r685
2003-10-27 10:28:26 +00:00
Roger Dingledine
a27b570788 bugfix for win32 with lots of users
plus general cleanup on switch_id()


svn:r684
2003-10-27 10:26:44 +00:00
Roger Dingledine
42b2f341a4 add a few more new TODO items (bugfixes)
svn:r683
2003-10-27 10:24:27 +00:00
Roger Dingledine
b2c225eab7 circuits, streams, and tagging, o my!
svn:r682
2003-10-27 10:18:20 +00:00
Roger Dingledine
aee3769cf3 remove obsolete config file
svn:r681
2003-10-27 10:09:09 +00:00
Roger Dingledine
2d603ea957 tweaks outside sec4 (couldn't help myself)
svn:r680
2003-10-26 23:49:01 +00:00
Nick Mathewson
57474d772a Revise section 1, remove very throughout.
svn:r679
2003-10-26 22:59:18 +00:00
Nick Mathewson
5432fb02cc Add note about DNS distinguishability attack
svn:r678
2003-10-26 22:58:04 +00:00
Roger Dingledine
acd415628c more circuit design section work
svn:r677
2003-10-26 22:49:07 +00:00
Nick Mathewson
866c449b8d Commit notes from Friday mtg with arma.
svn:r676
2003-10-26 16:25:06 +00:00
Roger Dingledine
b3497f989b crank more on design section
svn:r675
2003-10-26 10:47:49 +00:00
Roger Dingledine
52589289fe add DirBindAddress, parse the BindAddress's when you bind
exit if bind fails
add usage printfs
rearrange config options for readability


svn:r674
2003-10-25 12:01:09 +00:00
Roger Dingledine
8850eb1210 think more about the design section
svn:r673
2003-10-25 11:41:26 +00:00
Nick Mathewson
87969d98f9 Initial changes to intro.
svn:r672
2003-10-24 22:48:26 +00:00
Nick Mathewson
d4ad3bde8c Numerous notes of stuff to do from mtg with Roger; add outline for design section.
svn:r671
2003-10-24 21:18:38 +00:00
Nick Mathewson
28e93f3aa3 Note TODO items; add DROP relay cells
svn:r670
2003-10-24 21:16:43 +00:00
Roger Dingledine
f0a9d0ae8c some scribblings on exit policies
somebody please go turn this into a section


svn:r669
2003-10-24 11:21:19 +00:00
Roger Dingledine
d59864859c and dirservers are better for non-clique situations
svn:r668
2003-10-24 04:09:10 +00:00
Roger Dingledine
b29e29f64a directories are signed so they can be cached elsewhere
svn:r667
2003-10-24 03:39:14 +00:00
Roger Dingledine
b1d8973990 figured out how to make autoconf a bit less viral
(thanks cherub)


svn:r666
2003-10-24 03:27:53 +00:00
Nick Mathewson
faa0f7ffe7 Use daemon(3) function where available.
svn:r665
2003-10-23 14:28:44 +00:00
Nick Mathewson
71e5ad714b resolve warning
svn:r664
2003-10-23 14:27:53 +00:00
Nick Mathewson
6b79d8a7e9 Two-pronged attack at my overzealous skew fixes.
The problem was that the fixes had us generating TLS certs with a
2-day lifetime on the assumption that we'd rotate fairly often.  In
fact, we never rotate our TLS keys.

This patch fixes the situation in 2 ways:
   1. It bumps the default lifetime back up to one year until we get
      rotation in place.
   2. It changes tor_tls_context_new() so that it doesn't leak memory
      when you call it more than once.


svn:r663
2003-10-23 14:20:51 +00:00
Roger Dingledine
0396449097 add the dirservers section
svn:r662
2003-10-23 11:45:51 +00:00
Paul Syverson
8ee82830b4 Router twins described in intro. Some more stuff in assumptions section.
svn:r661
2003-10-22 22:40:30 +00:00
Paul Syverson
4e3345ff08 Added censorship resistant refs. Answered Roger's key question with
more questions.


svn:r660
2003-10-22 18:58:44 +00:00
Steven Hazel
4fef6f4566 switch_id() no longer tries to log the user name when it's calld on
Windows, since we don't know whether it's the user or the group that
was set.


svn:r659
2003-10-22 17:25:58 +00:00
Nick Mathewson
7604cfe61b Clock skew fixes.
Allow some slop (currently 3 minutes) when checking certificate validity.

Change certificate lifetime from 1 year to 2 days.  Since we
regenerate regularly (we regenerate regularly, right??), this
shouldn't be a problem.

Have directories reject descriptors published too far in the future
(currently 30 minutes).  If dirservs don't do this:
    0) Today is January 1, 2000.
    1) A very skewed server publishes descriptor X with a declared
       publication time of August 1, 2000.
    2) The directory includes X.
    3) Because of certificate lifetime issues, nobody can use the
       skewed server.
    4) The server fixes its skew, and goes to republish a new descriptor Y
       with publication time of January 1, 2000.
    5) But because the directory already has a "more recent" descriptor X,
       it rejects descriptor "Y" as superseded!

This patch should make step 2 go away.


svn:r658
2003-10-22 16:41:35 +00:00
Roger Dingledine
cf2fe9d1da some minor tweaks
svn:r657
2003-10-22 11:30:47 +00:00
Steven Hazel
4139c1c86a - fixed a bug in the id switching code -- setgid has to happen before
setuid, because after we setuid we don't have the priviledges we
  need to setgid anymore, duh.  merged switch_user() and
  switch_group() into switch_id(), since that code has to be wound
  together.

- return -1 from switch_id() if it's not defined to do anything else.

- moved daemoinize(), write_pidfile(), and switch_id() from main.c to
  util.c


svn:r656
2003-10-22 11:21:29 +00:00
Roger Dingledine
c78d5d7d30 play with connection_edge_send_command
maybe more robust now


svn:r655
2003-10-22 09:08:10 +00:00
Roger Dingledine
c35fc271d2 move default exit policy into config files
svn:r654
2003-10-22 07:56:11 +00:00
Roger Dingledine
c6b442a346 make end relay cells have payloads
move default exit policy into config files


svn:r653
2003-10-22 07:55:44 +00:00
Steven Hazel
b1eca56b77 added User and Group options -- if you set them, tor will try to
setuid and setgid respectively, and die if it can't.

(If the User option is set, tor will setgid to the user's gid as well.)

This happens after the pidfile is created, so that in cases where tor
needs to be root to work with the pidfile, it will at least be able to
create it, although it won't be able to delete it.  That sucks, but
it's somewhat better than not being able to create the pidfile in the
first place.


svn:r652
2003-10-22 06:03:11 +00:00
Roger Dingledine
524d63ecc6 todo now reflects what we need to do.
svn:r651
2003-10-22 05:15:08 +00:00
Roger Dingledine
f84cdb9005 force the admin to mkdir the datadirectory himself,
so he gets the permissions right.

also this means clients will never need to make the datadirectory.

also remind the admin to fix his clock before setting up his node.


svn:r650
2003-10-22 04:33:11 +00:00
Roger Dingledine
1bf10257da fill in some lncs numbers
svn:r649
2003-10-21 22:13:18 +00:00
Paul Syverson
ac7a9ccadf Adversary model mostly done? Some other small changes in assumptions et passim.
svn:r648
2003-10-21 21:44:00 +00:00
Nick Mathewson
009f2f6dbb Update .cvsignores to exclude files generated due to recent build improvements
svn:r647
2003-10-21 17:49:52 +00:00
Nick Mathewson
53dca60b13 Add design goals section
svn:r646
2003-10-21 17:43:26 +00:00
Roger Dingledine
24536a65f3 fix error in rendezvous description
svn:r645
2003-10-21 09:50:06 +00:00
Roger Dingledine
0e137e413f APPort is now SocksPort
svn:r644
2003-10-21 09:49:39 +00:00
Roger Dingledine
069227db5b introduce new tor_free() macro
svn:r643
2003-10-21 09:48:58 +00:00
Roger Dingledine
e4127e4d36 move closer to being able to reload config on HUP
rename APPort to SocksPort
introduce new tor_free() macro


svn:r642
2003-10-21 09:48:17 +00:00
Roger Dingledine
80d428b225 remove obsolete config file
svn:r641
2003-10-21 09:22:38 +00:00