subject:"Re\: \[tor\-bugs\] #32827 \[Internal Services\/Services Admin Team\]\: archive.tpo's rsync logs ip addresses \(and it shouldn't\)"

Re: [tor-bugs] #32827 [Internal Services/Services Admin Team]: archive.tpo's rsync logs ip addresses (and it shouldn't)

2020-01-21 Thread Tor Bug Tracker & Wiki

#32827: archive.tpo's rsync logs ip addresses (and it shouldn't)
-+-
 Reporter:  arma |  Owner:  anarcat
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Services Admin |Version:
  Team   |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anarcat):

 filed the bug against systemd after confirmation this wasn't considered a
 security by RedHat

 https://github.com/systemd/systemd/issues/14629

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32827 [Internal Services/Services Admin Team]: archive.tpo's rsync logs ip addresses (and it shouldn't)

2020-01-20 Thread Tor Bug Tracker & Wiki

#32827: archive.tpo's rsync logs ip addresses (and it shouldn't)
-+-
 Reporter:  arma |  Owner:  anarcat
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Services Admin |Version:
  Team   |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anarcat):

 i've filed this as a security issue as per
 https://github.com/systemd/systemd/security/policy

 after a timeout, i'll file it as a bug.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32827 [Internal Services/Services Admin Team]: archive.tpo's rsync logs ip addresses (and it shouldn't)

2020-01-20 Thread Tor Bug Tracker & Wiki

#32827: archive.tpo's rsync logs ip addresses (and it shouldn't)
-+-
 Reporter:  arma |  Owner:  anarcat
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Services Admin |Version:
  Team   |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anarcat):

 > this probably affects other components, as I just reused existing code
 when i set that up. we also need to track that.

 at first glance, that's the only server which has that problem.

 i've censored the IP addresses from the rsync access log in a5726714, but
 we have another problem: rsync is started by systemd socket activation,
 which happily spills those IP addresses all over itself:

 {{{
 Jan 20 20:09:45 archive-01/archive-01 systemd[1]: Started rsync daemon
 archive (10.0.0.1:35380).
 Jan 20 20:09:45 archive-01/archive-01 systemd[1]: rsyncd-
 archive@76504-159.69.63.226:873-10.0.0.1:35380.service: Succeeded.
 }}}

 In that context, `10.0.0.1` is my IP address, which I censored in this
 copy-paste.

 so this is only partly fixed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32827 [Internal Services/Services Admin Team]: archive.tpo's rsync logs ip addresses (and it shouldn't)

2020-01-20 Thread Tor Bug Tracker & Wiki

#32827: archive.tpo's rsync logs ip addresses (and it shouldn't)
-+-
 Reporter:  arma |  Owner:  anarcat
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Services Admin |Version:
  Team   |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by anarcat):

 * owner:  (none) => anarcat
 * status:  new => assigned


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32827 [Internal Services/Services Admin Team]: archive.tpo's rsync logs ip addresses (and it shouldn't)

2020-01-17 Thread Tor Bug Tracker & Wiki

#32827: archive.tpo's rsync logs ip addresses (and it shouldn't)
-+-
 Reporter:  arma |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Services Admin |Version:
  Team   |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anarcat):

 this probably affects other components, as I just reused existing code
 when i set that up. we also need to track that.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32827 [Internal Services/Services Admin Team]: archive.tpo's rsync logs ip addresses (and it shouldn't)

Re: [tor-bugs] #32827 [Internal Services/Services Admin Team]: archive.tpo's rsync logs ip addresses (and it shouldn't)

Re: [tor-bugs] #32827 [Internal Services/Services Admin Team]: archive.tpo's rsync logs ip addresses (and it shouldn't)

Re: [tor-bugs] #32827 [Internal Services/Services Admin Team]: archive.tpo's rsync logs ip addresses (and it shouldn't)

Re: [tor-bugs] #32827 [Internal Services/Services Admin Team]: archive.tpo's rsync logs ip addresses (and it shouldn't)

5 matches

Site Navigation

Mail list logo

Footer information