Igatsha elisha elizinzile leTor 0.4.4.5 manje seliyatholakala, yazi izinguquko zalo ezibaluleke kakhulu

Darkcrizt

Imizuzu ye-4

Muva nje kukhishwe inguqulo entsha ezinzile yeTor 0.4.4.5, isetshenziselwe ukuhlela umsebenzi wenethiwekhi yeTor engaziwa. Isikhuni esingu-0.4.4.5 kubhekwa njengenguqulo yokuqala ezinzile yegatsha 0.4.4, lokho kuguquke ezinyangeni ezinhlanu ezedlule.

Igatsha 0.4.4 lizogcinwa njengengxenye yomjikelezo ojwayelekile wokugcinwa; ukukhishwa kwezibuyekezo kuzomiswa ngemuva kwezinyanga eziyi-9 (ngoJuni 2021) noma ezinyangeni ezi-3 ngemuva kokukhishwa kwegatsha le-0.4.5.x.

Ngaphezu kwalokho, umjikelezo omude wokusekelwa (i-LTS) nawo unikezwa igatsha le-0.3.5, izibuyekezo zalo ezizokhishwa kuze kube nguFebhuwari 1, 2022. Ukuxhaswa kwe-0.4.0.x, 0.2.9.x no-0.4.2 Amagatsha. 0.4.1.x anqanyuliwe. Ukuxhaswa kwegatsha le-20.x kuzophulwa ngoMeyi 0.4.3 no-15 ngoFebhuwari 2021, XNUMX.

Okwalabo namanje abangazi ngephrojekthi yeTor (Umzila we-anyanisi). Le phrojekthi inhloso yayo enkulu ukuthuthukisa inethiwekhi yezokuxhumana isatshalaliswa nge-latency ephansi futhi ifakwe phezulu ku-inthanethi, lapho ukuhanjiswa kwemiyalezo eshintshwe phakathi kwabasebenzisi kungakhombisi ubunikazi babo, okungukuthi, ikheli laso le-IP (ukungaziwa ezingeni lenethiwekhi) nokuthi, ngaphezu kwalokho, kugcina ubuqotho nokufihla kolwazi oluhamba ngalo.

Isistimu yakhelwe ngokuguquguquka okudingekayo ukuze ikwazi ukuthuthuka, isetshenziswe emhlabeni wangempela futhi ikwazi ukumelana nezinhlobo ezahlukene zokuhlaselwa. Noma kunjalo, inamaphuzu abuthakathaka futhi ayinakuthathwa njengohlelo olungenangqondo.

Izici ezintsha eziyinhloko zeTor 0.4.4.5

Le nguqulo entsha yeTor iza nezinguquko ezimbalwa nokulungiswa, kuzo sigqamisa ezibaluleke kakhulu njenge ithuthukise i-algorithm yokukhetha i-sentinel node, lapho inkinga ngokulinganiswa komthwalo, kanye nokukhiqiza okuthuthukile nokuphepha.

Olunye ushintsho olukhulu, Ngukuthi ikhono lokulayisha ibhalansi ezinsizeni ze-anyanisi laqalwa. Njengoba insizakalo esekwe kunguqulo yesithathu ye-protocol manje isingasebenza njenge-backend ye-OnionBalance, elungiselelwe kusetshenziswa inketho ye-HiddenServiceOnionBalanceInstance.

Kubuye kuqhakanjiswe lokho uhlu lwamaseva wesikhombi semibhalo luye lwabuyekezwa, engakaze ibuyekezwe kusukela ngonyaka odlule, futhi amaseva ayi-105 kwangu-148 ahlala esebenza (uhlu olusha lubandakanya okufakiwe okungu-144 okwenziwe ngoJulayi).

Ekudluliseni, kuvunyelwe ukusebenza namaseli we-EXTEND2 lokho kuyatholakala kuphela kukheli le-IPv6, futhi ukunwetshwa kwamaketanga ngaphezulu kwe-IPv6 nakho kuvunyelwe uma iklayenti ne-relay support IPv6.

Uma, ngokwandisa amaketanga ama-node, iseli lingafinyelelwa ngasikhathi sinye nge-IPv4 ne-IPv6, khona-ke ikheli le-IPv4 noma le-IPv6 likhethwa ngokungahleliwe. Ukuxhumeka okukhona kwe-IPv6 kunganweba iketanga. Ukusetshenziswa kwamakheli wangaphakathi we-IPv4 ne-IPv6 akuvunyelwe.

Futhi wandise inani lekhodi elingakhubazeka lapho uqala iTor ngaphandle kokusekelwa okudluliselwe.

Ngaphezu kwalokho, futhi kusingathwa ngendlela efanele kwemingcele yokuvikela i-DoS yensizakalo ye-anyanisi. Yebo, phambilini, imingcele yokuvumelana yokuvikelwa kwensiza ye-DoS ibizobhala ngaphezulu imingcele ebekwe opharetha wensizakalo nge-HiddenServiceEnableIntroDoSDefense.

Okunye ukulungiswa kwe-bug okubalulekile yisiphazamisi ebesithatha kancane ithrafikhi ephelele kusuka kusevisi ye-anyanisi yenethiwekhi ye-Tor, inganaki noma yimuphi umgwaqo ovela kumakhasimende.

Ngaphandle kwalokho iziteshi ezisebenzisa izinhlobo eziphelelwe yisikhathi ze-Tor handshake azisakwazi ukudlula amasheke Ukutholwa kwamakheli njengezincwadi zeBhayibheli (Lolu wudaba oluncane nje, njengoba lezi ziteshi zingenandlela yokulungisa okhiye be-ed25519 ngakho-ke kufanele zihlale zenqatshwa kumasekethe acacisa ubunikazi be-ed25519.)

Kwezinye izinguquko okugqamile:

  • Iziphathimandla manje zincoma izinhlobo zephrothokholi ezihambisana neTor 0.3.5 nangemva kwalokho.
  • Setha kabusha ukusekelwa kwemicimbi ethekwini ye-GUARD NEW / UP / DOWN.
  • Faka ukwesekwa kwe-IPv6 ku-tor_addr_is_valid ().
  • Ngeza izivivinyo zezinguquko ezingenhla ne- tor_addr_is_null ().
  • Vumela amaklayenti nokudluliswa ukuthumela i-IPv2-only, dual-stack EXTEND6 cell.
  • Vumela iTor ukwakha ezisekelweni lapho ingazi ukuthi ingabikwa kanjani ukuthi iyiphi i-syscall ebangele ukuphahlazeka kwe-sandbox ye-Linux seccomp2.
  • Vumela ikholi yohlelo lwe- unlinkat (), okusetshenziswa okunye ukwenziwa kweLibc ukusebenzisa i-unlink ().
  • Kungezwe ama-3 amasha we-SocksPort ExtendedErrors (F2, F3, F7) abika uhlobo olusha lokwehluleka kokuxhumeka kwensiza.

Ekugcineni, uma ufuna ukwazi kabanzi ngayo, ungabheka imininingwane ku- isixhumanisi esilandelayo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.