David,
> Making secret_onion_key and secret_onion_key_ntor read-only does not quite
> work, because tor first renames them to secret_onion_key.old and
> secret_onion_key_ntor.old before writing new files. (Making the *.old files
> read-only does not work either, because the `tor_rename` function first
> unlinks the destination.)
https://gitweb.torproject.org/tor.git/tree/src/feature/relay/router.c?h=tor-0.4.6.9#n497
> But a slight variation does work: make secret_onion_key.old and
> secret_onion_key_ntor.old *directories*, so that tor_rename cannot rename a
> file over them. It does result in an hourly `BUG` stack trace, but otherwise
> it seems effective.
Directories instead of read-only files. Nice Out-Of-The-Box Thinking!
Now, the question becomes whether there are any adverse side-effects, with the
DirectoryAuthorities, from the secret_onion_keys not being updated over time?
Excellent Work!
Much Respect.
Gary
--
This Message Originated by the Sun.
iBigBlue 63W Solar Array (~12 Hour Charge)
+ 2 x Charmast 26800mAh Power Banks
= iPhone XS Max 512GB (~2 Weeks Charged)
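
The file-system behaviour discussed in this message, as an added example that is not part of the original e-mail and is not tor's code: a simplified model of the rotation step (unlink the destination, then rename the current key onto it) run against the three setups mentioned. The names `rotate_model` and `try_case` and the scratch directory under `/tmp` are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum setup { KEY_READ_ONLY, OLD_READ_ONLY, OLD_IS_DIRECTORY };

/* Create an empty file, then set the requested permission bits. */
static void make_file(const char *path, mode_t mode) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd >= 0) close(fd);
    chmod(path, mode);
}

/* Simplified model of the rotation step: best-effort unlink of the
 * destination, then rename. Returns 0 on success, else rename's errno. */
static int rotate_model(const char *cur, const char *old) {
    (void)unlink(old);  /* fails when old is a directory; rename then fails too */
    return rename(cur, old) == 0 ? 0 : errno;
}

/* Build one setup in a scratch directory, attempt the rotation, clean up. */
int try_case(enum setup s) {
    char dir[64], cur[96], old[96];
    snprintf(dir, sizeof dir, "/tmp/onionkey-demo.%ld.%d", (long)getpid(), (int)s);
    snprintf(cur, sizeof cur, "%s/secret_onion_key", dir);
    snprintf(old, sizeof old, "%s/secret_onion_key.old", dir);
    if (mkdir(dir, 0700) != 0) return -1;
    make_file(cur, s == KEY_READ_ONLY ? 0400 : 0600);
    if (s == OLD_READ_ONLY) make_file(old, 0400);
    if (s == OLD_IS_DIRECTORY) mkdir(old, 0700);
    int rc = rotate_model(cur, old);
    /* Remove whatever the setup left behind; failures here are expected. */
    unlink(cur); unlink(old); rmdir(old); rmdir(dir);
    return rc;
}

int main(void) {
    static const char *names[] = { "key read-only", ".old read-only", ".old is a directory" };
    for (int s = KEY_READ_ONLY; s <= OLD_IS_DIRECTORY; s++) {
        int rc = try_case((enum setup)s);
        printf("%-20s -> %s\n", names[s], rc == 0 ? "rotated" : "rotation blocked");
    }
    return 0;
}
```

File mode bits do not matter in the first two setups because rename and unlink are governed by write permission on the containing directory, not on the file itself.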