#25803: Infinite restart loop when daemon crashes
----------------------------------------------+----------------------------
Reporter: tiejohg2sahth | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: systemd, tor-relay, security-low | Actual Points:
Parent ID: | Points: 0.1
Reviewer: | Sponsor:
----------------------------------------------+----------------------------
Comment (by teor):
Replying to [comment:4 arma]:
> Replying to [comment:3 teor]:
> > It doesn't make sense to restart in any of the listed failure modes:
>
> I haven't learned much about systemd yet, so please ignore this if you
have a better handle on things, but: in the past one of Tor's transient
failure modes was that the system would start it before the system had set
up its IP addresses (especially true with the world of ipv6), or before
the system had set up its network interfaces, and if it just gave up right
then, the system Tor would stay down. So retrying some times, especially
at first boot, used to make sense.
It still does, see #25182.
Here's what I suggest we do:
Restart after 60 seconds, rather than 0.1 seconds. Slowing the restart
rate limits automated exploitation, and increases the likelihood that the
network will be available.
{{{
RestartSec=60
}}}
We could also avoid restarting when Tor crashes, or exits badly. We would
need to work out a list of signals and exit statuses that should prevent a
restart. For example:
{{{
RestartPreventExitStatus= 1 6 SIGABRT SIGSEGV
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25803#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
