* phrase security.md better

* display correct number of peers in stats
* hopefully fix sigpipe issue
master
Kevin Froman 2019-06-16 12:55:48 -05:00
parent 901b275d40
commit 8a9a5abe2e
4 changed files with 10 additions and 5 deletions

@ -1,5 +1,7 @@
# Security Policy # Security Policy
We welcome responsible and constructive security review.
# Scope # Scope
The Onionr software and any nodes you control are within scope. The Onionr software and any nodes you control are within scope.
@ -14,7 +16,7 @@ The following exploits are of particular interest:
* Easily associating public keys with server addresses * Easily associating public keys with server addresses
* Discovering true server IPs when behind Tor/I2P (aside from Tor/i2p-level attacks) * Discovering true server IPs when behind Tor/I2P (aside from Tor/i2p-level attacks)
* Easily discovering which nodes are the block creator * Easily discovering which nodes are the block creator
* XSS, CSRF, clickjacking * XSS, CSRF, clickjacking, DNS rebinding
* Timing attacks against the local http server ([see blog post](https://www.chaoswebs.net/blog/timebleed-breaking-privacy-with-a-simple-timing-attack.html)) * Timing attacks against the local http server ([see blog post](https://www.chaoswebs.net/blog/timebleed-breaking-privacy-with-a-simple-timing-attack.html))
* Discovering direct connection servers as a non participant. * Discovering direct connection servers as a non participant.
* Cryptography/protocol issues * Cryptography/protocol issues
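
Review bot: In the changed bullet, "DNS rebinding" is appended to the XSS/CSRF/clickjacking line without saying what it targets. Consider giving it its own bullet that names the local http server, the way the timing-attack bullet just below does, so reporters know which interface is in scope.
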
@ -26,7 +28,7 @@ We do not consider non-network based same-machine attacks to be very significant
Onionr is a student-owned hobby project, resources are not available for large rewards. Onionr is a student-owned hobby project, resources are not available for large rewards.
Stickers or other reasonable & negotiable rewards are available. We reserve the right to refuse rewards for any reason. Stickers or other small rewards are available. We reserve the right to refuse rewards for any reason.
Public recognition can be given upon request. Public recognition can be given upon request.

@ -132,7 +132,10 @@ def raw(data, fd = sys.stdout, sensitive = False):
''' '''
if get_settings() & OUTPUT_TO_CONSOLE: if get_settings() & OUTPUT_TO_CONSOLE:
try:
ts = fd.write('%s\n' % data) ts = fd.write('%s\n' % data)
except OSError:
pass
if get_settings() & OUTPUT_TO_FILE and not sensitive: if get_settings() & OUTPUT_TO_FILE and not sensitive:
try: try:
with open(_outputfile, "a+") as f: with open(_outputfile, "a+") as f:
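
Review bot: `except OSError: pass` around `fd.write` is broader than the SIGPIPE case it targets, because it silently drops every OS-level write failure on `fd`, not just a closed pipe. Catch `BrokenPipeError` (a subclass of `OSError`) instead, or check `errno` for `EPIPE` and re-raise the rest. Also, `ts` stays unassigned when the write raises, so any later use of it in this function would fail with an UnboundLocalError.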

@ -39,7 +39,7 @@ def show_stats(o_inst):
# count stats # count stats
'div2' : True, 'div2' : True,
'Known Peers' : str(len(o_inst.onionrCore.listPeers()) - 1), 'Known Peers' : str(len(o_inst.onionrCore.listPeers())),
'Enabled Plugins' : str(len(o_inst.onionrCore.config.get('plugins.enabled', list()))) + ' / ' + str(len(os.listdir(o_inst.dataDir + 'plugins/'))), 'Enabled Plugins' : str(len(o_inst.onionrCore.config.get('plugins.enabled', list()))) + ' / ' + str(len(os.listdir(o_inst.dataDir + 'plugins/'))),
'Stored Blocks' : str(totalBlocks), 'Stored Blocks' : str(totalBlocks),
'Percent Blocks Signed' : str(round(100 * signedBlocks / max(totalBlocks, 1), 2)) + '%' 'Percent Blocks Signed' : str(round(100 * signedBlocks / max(totalBlocks, 1), 2)) + '%'
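
Review bot: The 'Known Peers' line drops the `- 1` with no comment on why the subtraction was there or why it is now wrong. Add a short comment stating whether `listPeers()` includes the local node, so the next reader does not reintroduce the offset.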

@ -438,7 +438,7 @@ class OnionrUtils:
else: else:
logger.warn('Failed to verify hash for %s' % block) logger.warn('Failed to verify hash for %s' % block)
if not exist: if not exist:
print('No blocks found to import') logger.info('No blocks found to import')
def progressBar(self, value = 0, endvalue = 100, width = None): def progressBar(self, value = 0, endvalue = 100, width = None):
''' '''