config: Warn if EntryNodes and HiddenService are used together

Pinning EntryNodes along with hidden services can be possibly harmful (for
instance #14917 and #21155) so at the very least warn the operator if this is
the case.

Fixes #21155

Signed-off-by: David Goulet <dgoulet@torproject.org>

diff --git a/changes/bug21155 b/changes/bug21155
new file mode 100644 (file)
index 0000000..f2a34db
--- /dev/null
+++ b/changes/bug21155
@@ -0,0 +1,5 @@
+  o Minor bugfixes (hidden service, logging):
+    - Warn user if multiple entries in  EntryNodes and at least one
+      HiddenService are used together. Pinning EntryNodes along with an hidden
+      service can be possibly harmful for instance see ticket 14917 or 21155.
+      Closes bug 21155.

diff --git a/src/or/config.c b/src/or/config.c
index 7ae40053eea4aab632737eece0557243168f28da..809ff499fc9b2ae180b6a1aaf55da091b345f709 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3510,6 +3510,20 @@ options_validate(or_options_t *old_options, or_options_t *options,
     return -1;
   }
 
+  /* Inform the hidden service operator that pinning EntryNodes can possibly
+   * be harmful for the service anonymity. */
+  if (options->EntryNodes &&
+      routerset_is_list(options->EntryNodes) &&
+      (options->RendConfigLines != NULL)) {
+    log_warn(LD_CONFIG,
+             "EntryNodes is set with multiple entries and at least one "
+             "hidden service is configured. Pinning entry nodes can possibly "
+             "be harmful to the service anonymity. Because of this, we "
+             "recommend you either don't do that or make sure you know what "
+             "you are doing. For more details, please look at "
+             "https://trac.torproject.org/projects/tor/ticket/21155.");
+  }
+
   /* Single Onion Services: non-anonymous hidden services */
   if (rend_service_non_anonymous_mode_enabled(options)) {
     log_warn(LD_CONFIG,