aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changes/bug55844
-rw-r--r--src/or/config.c15
2 files changed, 19 insertions, 0 deletions
diff --git a/changes/bug5584 b/changes/bug5584
new file mode 100644
index 000000000..a81be00ae
--- /dev/null
+++ b/changes/bug5584
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Raise awareness of safer logging - notice user of potentially
+ unsafe configuration options: logging above "notice" or
+ clearning SafeLogging flag. Fixes #5584.
diff --git a/src/or/config.c b/src/or/config.c
index e3ffbf208..09cbdcfbd 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1005,6 +1005,7 @@ options_act_reversible(const or_options_t *old_options, char **msg)
int set_conn_limit = 0;
int r = -1;
int logs_marked = 0;
+ int old_min_log_level = get_min_log_level();
/* Daemonize _first_, since we only want to open most of this stuff in
* the subprocess. Libevent bases can't be reliably inherited across
@@ -1153,6 +1154,13 @@ options_act_reversible(const or_options_t *old_options, char **msg)
control_adjust_event_log_severity();
tor_free(severity);
}
+ if (get_min_log_level() >= LOG_INFO &&
+ get_min_log_level() != old_min_log_level) {
+ log_warn(LD_GENERAL, "Your log may contain sensitive information - you're "
+ "logging above \"notice\". Please log safely. Don't log unless "
+ "it serves an important reason. Overwrite the log afterwards.");
+ }
+
SMARTLIST_FOREACH(replaced_listeners, connection_t *, conn,
{
log_notice(LD_NET, "Closing old %s on %s:%d",
@@ -1335,6 +1343,13 @@ options_act(const or_options_t *old_options)
}
#endif
+ if (options->SafeLogging_ != SAFELOG_SCRUB_ALL &&
+ (!old_options || old_options->SafeLogging_ != options->SafeLogging_)) {
+ log_warn(LD_GENERAL, "Your log may contain sensitive information - you "
+ "disabled SafeLogging. Please log safely. Don't log unless it "
+ "serves an important reason. Overwrite the log afterwards.");
+ }
+
if (options->Bridges) {
mark_bridge_list();
for (cl = options->Bridges; cl; cl = cl->next) {