This repository has been archived by the owner on Oct 16, 2023. It is now read-only.

Exitmap only scans relays that allow exiting AND thus have an exitflag, but #13

Closed
thejustaguy opened this issue Nov 4, 2014 · 8 comments

Comments

@thejustaguy

If a relay only allows exiting to port 80, and thus doesn't get an exit flag, exitmap won't scan it, and it won't get checked for .exe patching when I'm scanning with https://github.com/leviathansecurity/exitmap/blob/master/src/modules/patchingCheck.py

@secretsquirrel

Are you getting a particular error message? If so, paste it in.

@arlolra
Contributor

arlolra commented Nov 5, 2014

They're pointing out this:
https://github.com/NullHypothesis/exitmap/blob/master/src/relayselector.py#L88-L89

Exitmap should check if a relay allows any exiting, not just that it has the exit flag. I think the tor client will use any relay that satisfies its exiting requirements under certain conditions.

@NullHypothesis
Owner

> Exitmap should check if a relay allows any exiting, not just that it has the exit flag. I think the tor client will use any relay that satisfies its exiting requirements under certain conditions.

That sounds like a good solution to me.

In addition, we should log a warning if a relay allows exiting but does not have the "Exit" flag.

If anyone wants to write a patch, please do so. I might be able to fix that in a week or so.

NullHypothesis added a commit that referenced this issue Nov 7, 2014
Previously, we would only select relays which have the exit flag.
However, there is a number of relays which allow some form of exiting
while not having earned the exit flag.  We want to scan those, too.

This fixes <#13>.
@NullHypothesis
Owner

This is now fixed in commit 1dd2eab.

Interestingly, right now there are 251 relays with some sort of exit policy which don't have the exit flag.

Thanks for reporting this, justaguyprojects!

@arlolra
Contributor

arlolra commented Nov 7, 2014

@NullHypothesis I'd be careful here. This (stem's is_exiting_allowed()) seems susceptible to the same problem as in #4 (complex exit policies are summarized as reject *).

NullHypothesis added a commit that referenced this issue Nov 8, 2014
The previous commit did not fully fix the issue pointed out in
<#13>.

To fix this, we now only work with cached descriptors except when
we need to look up flags in the network consensus.

Thanks to Arlo for pointing this out.
@NullHypothesis
Owner

@arlolra, you are right, it's affected by the same issue, thanks for pointing this out. What do you think about patch ed94d16?

@NullHypothesis NullHypothesis reopened this Nov 8, 2014
@arlolra
Contributor

arlolra commented Nov 11, 2014

@NullHypothesis looks good. one comment inline

@NullHypothesis
Owner

I merged the last changes in ff5696a. Thanks, everyone!
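
The selection rule this thread settles on, as an added example that is not exitmap's own code: pick every relay whose full exit policy (the ordered `accept`/`reject` lines of a server descriptor, not the consensus summary) lets traffic out to at least one port, and log a warning when such a relay lacks the "Exit" flag. The function names, relay identifiers and policies below are constructed for illustration.

```python
import logging

log = logging.getLogger("relay_selection_example")
ALL_PORTS = 65535

def _ports(spec):
    """Ports named by the port part of a rule: '*', '80' or '6660-6667'."""
    if spec == "*":
        return set(range(1, ALL_PORTS + 1))
    lo, _, hi = spec.partition("-")
    return set(range(int(lo), int(hi or lo) + 1))

def allows_any_exiting(policy_lines):
    """True if the ordered policy permits exiting to at least one port."""
    rejected = set()  # ports already rejected for every destination address
    for line in policy_lines:
        action, target = line.split()
        addr, _, port_spec = target.rpartition(":")
        ports = _ports(port_spec)
        if action in ("accept", "accept6") and ports - rejected:
            return True  # some accepted port is not shadowed by an earlier reject
        if action == "reject" and addr == "*":
            rejected |= ports
    # Assumption (Tor dir-spec): traffic matching no rule is accepted.
    return len(rejected) < ALL_PORTS

def select_exits(relays):
    """Return relays worth scanning; warn on exiting relays without the Exit flag."""
    selected = []
    for name, (flags, policy) in sorted(relays.items()):
        if not allows_any_exiting(policy):
            continue
        if "Exit" not in flags:
            log.warning("%s allows exiting but does not have the Exit flag", name)
        selected.append(name)
    return selected

# Constructed sample relays: name -> (consensus flags, descriptor exit policy).
SAMPLE_RELAYS = {
    "relay-a": ({"Exit", "Fast", "Running"}, ["reject 10.0.0.0/8:*", "accept *:*"]),
    "relay-b": ({"Fast", "Running"}, ["reject 0.0.0.0/8:*", "accept *:80", "reject *:*"]),
    "relay-c": ({"Guard", "Running"}, ["reject *:*"]),
    "relay-d": ({"Running"}, ["reject *:80", "accept *:80", "reject *:*"]),
}

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(select_exits(SAMPLE_RELAYS))
```

A flag-only selector would return just `relay-a` here and skip `relay-b`, the port-80-only case from the original report.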
