Log only one message for dangerous log settings.

We log only one message, containing a complete list of what's
wrong.  We log the complete list whenever any of the possible things
that could have gotten wrong gets worse.

Fix for #9870. Bugfix on 10480dff01bece13fab, which we merged in
0.2.5.1-alpha.

diff --git a/changes/bug9870 b/changes/bug9870
new file mode 100644 (file)
index 0000000..b4b2c2d
--- /dev/null
+++ b/changes/bug9870
@@ -0,0 +1,5 @@
+  o Minor bugfixes:
+
+    - Log only one message when we start logging in an unsafe
+      way. Previously, we would log as many messages as we had
+      problems. Fix for #9870; bugfix on 0.2.5.1-alpha.

diff --git a/src/or/config.c b/src/or/config.c
index d2981771c005bde48d5b558ff85bef94e443eb63..dcbe88dccd2d672b25a6f67c3f469daeee8af5a8 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1148,12 +1148,31 @@ options_act_reversible(const or_options_t *old_options, char **msg)
     tor_free(severity);
     tor_log_update_sigsafe_err_fds();
   }
-  if (get_min_log_level() >= LOG_INFO &&
-      get_min_log_level() != old_min_log_level) {
-    log_warn(LD_GENERAL, "Your log may contain sensitive information: you're "
-             "logging more than \"notice\". Please log safely. Don't log "
-             "unless it serves an important reason, and overwrite the log "
-             "afterwards.");
+
+  {
+    const char *badness = NULL;
+    int bad_safelog = 0, bad_severity = 0, new_badness = 0;
+    if (options->SafeLogging_ != SAFELOG_SCRUB_ALL) {
+      bad_safelog = 1;
+      if (!old_options || old_options->SafeLogging_ != options->SafeLogging_)
+        new_badness = 1;
+    }
+    if (get_min_log_level() >= LOG_INFO) {
+      bad_severity = 1;
+      if (get_min_log_level() != old_min_log_level)
+        new_badness = 1;
+    }
+    if (bad_safelog && bad_severity)
+      badness = "you disabled SafeLogging, and "
+        "you're logging more than \"notice\"";
+    else if (bad_safelog)
+      badness = "you disabled SafeLogging";
+    else
+      badness = "you're logging more than \"notice\"";
+    if (new_badness)
+      log_warn(LD_GENERAL, "Your log may contain sensitive information - %s. "
+               "Don't log unless it serves an important reason. "
+               "Overwrite the log afterwards.", badness);
   }
 
   SMARTLIST_FOREACH(replaced_listeners, connection_t *, conn,
@@ -1341,13 +1360,6 @@ options_act(const or_options_t *old_options)
   }
 #endif
 
-  if (options->SafeLogging_ != SAFELOG_SCRUB_ALL &&
-      (!old_options || old_options->SafeLogging_ != options->SafeLogging_)) {
-    log_warn(LD_GENERAL, "Your log may contain sensitive information - you "
-             "disabled SafeLogging. Please log safely. Don't log unless it "
-             "serves an important reason. Overwrite the log afterwards.");
-  }
-
   if (options->Bridges) {
     mark_bridge_list();
     for (cl = options->Bridges; cl; cl = cl->next) {