* phrase security.md better
* display correct number of peers in stats
* hopefully fix sigpipe issue
master
parent
901b275d40
commit
8a9a5abe2e
|
@ -1,5 +1,7 @@
|
||||||
# Security Policy
|
# Security Policy
|
||||||
|
|
||||||
|
We welcome responsible and constructive security review.
|
||||||
|
|
||||||
# Scope
|
# Scope
|
||||||
|
|
||||||
The Onionr software and any nodes you control are within scope.
|
The Onionr software and any nodes you control are within scope.
|
||||||
|
@ -14,7 +16,7 @@ The following exploits are of particular interest:
|
||||||
* Easily associating public keys with server addresses
|
* Easily associating public keys with server addresses
|
||||||
* Discovering true server IPs when behind Tor/I2P (aside from Tor/i2p-level attacks)
|
* Discovering true server IPs when behind Tor/I2P (aside from Tor/i2p-level attacks)
|
||||||
* Easily discovering which nodes are the block creator
|
* Easily discovering which nodes are the block creator
|
||||||
* XSS, CSRF, clickjacking
|
* XSS, CSRF, clickjacking, DNS rebinding
|
||||||
* Timing attacks against the local http server ([see blog post](https://www.chaoswebs.net/blog/timebleed-breaking-privacy-with-a-simple-timing-attack.html))
|
* Timing attacks against the local http server ([see blog post](https://www.chaoswebs.net/blog/timebleed-breaking-privacy-with-a-simple-timing-attack.html))
|
||||||
* Discovering direct connection servers as a non participant.
|
* Discovering direct connection servers as a non participant.
|
||||||
* Cryptography/protocol issues
|
* Cryptography/protocol issues
|
||||||
|
@ -26,7 +28,7 @@ We do not consider non-network based same-machine attacks to be very significant
|
||||||
|
|
||||||
Onionr is a student-owned hobby project, resources are not available for large rewards.
|
Onionr is a student-owned hobby project, resources are not available for large rewards.
|
||||||
|
|
||||||
Stickers or other reasonable & negotiable rewards are available. We reserve the right to refuse rewards for any reason.
|
Stickers or other small rewards are available. We reserve the right to refuse rewards for any reason.
|
||||||
|
|
||||||
Public recognition can be given upon request.
|
Public recognition can be given upon request.
|
||||||
|
|
||||||
|
|
|
@ -132,7 +132,10 @@ def raw(data, fd = sys.stdout, sensitive = False):
|
||||||
'''
|
'''
|
||||||
|
|
||||||
if get_settings() & OUTPUT_TO_CONSOLE:
|
if get_settings() & OUTPUT_TO_CONSOLE:
|
||||||
ts = fd.write('%s\n' % data)
|
try:
|
||||||
|
ts = fd.write('%s\n' % data)
|
||||||
|
except OSError:
|
||||||
|
pass
|
||||||
if get_settings() & OUTPUT_TO_FILE and not sensitive:
|
if get_settings() & OUTPUT_TO_FILE and not sensitive:
|
||||||
try:
|
try:
|
||||||
with open(_outputfile, "a+") as f:
|
with open(_outputfile, "a+") as f:
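Review bot: The new `except OSError: pass` around `fd.write` in `raw()` swallows every OSError from the console stream, not only the broken-pipe case the commit message targets, so other write failures on a redirected stdout would silently drop log lines with no trace. Assuming the project runs on Python 3, narrowing it to `except BrokenPipeError:` keeps the SIGPIPE fix while letting unrelated I/O errors surface. `ts` also stays unassigned when the write raises; if it is read later in `raw()` (the body continues outside the hunk), that becomes a NameError. A comment such as `# console reader went away; console output is best-effort` would record why the error is ignored.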
|
||||||
|
|
|
@ -39,7 +39,7 @@ def show_stats(o_inst):
|
||||||
|
|
||||||
# count stats
|
# count stats
|
||||||
'div2' : True,
|
'div2' : True,
|
||||||
'Known Peers' : str(len(o_inst.onionrCore.listPeers()) - 1),
|
'Known Peers' : str(len(o_inst.onionrCore.listPeers())),
|
||||||
'Enabled Plugins' : str(len(o_inst.onionrCore.config.get('plugins.enabled', list()))) + ' / ' + str(len(os.listdir(o_inst.dataDir + 'plugins/'))),
|
'Enabled Plugins' : str(len(o_inst.onionrCore.config.get('plugins.enabled', list()))) + ' / ' + str(len(os.listdir(o_inst.dataDir + 'plugins/'))),
|
||||||
'Stored Blocks' : str(totalBlocks),
|
'Stored Blocks' : str(totalBlocks),
|
||||||
'Percent Blocks Signed' : str(round(100 * signedBlocks / max(totalBlocks, 1), 2)) + '%'
|
'Percent Blocks Signed' : str(round(100 * signedBlocks / max(totalBlocks, 1), 2)) + '%'
|
||||||
|
|
|
@ -438,7 +438,7 @@ class OnionrUtils:
|
||||||
else:
|
else:
|
||||||
logger.warn('Failed to verify hash for %s' % block)
|
logger.warn('Failed to verify hash for %s' % block)
|
||||||
if not exist:
|
if not exist:
|
||||||
print('No blocks found to import')
|
logger.info('No blocks found to import')
|
||||||
|
|
||||||
def progressBar(self, value = 0, endvalue = 100, width = None):
|
def progressBar(self, value = 0, endvalue = 100, width = None):
|
||||||
'''
|
'''
|
||||||
|
|