From 8962f0032fa526582094307a4844d274c1c9f512 Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Tue, 5 Jun 2018 10:45:01 +0100 Subject: [PATCH 1/3] simplewallet: add optional trusted/untrusted argument to set_daemon Otherwise the previous daemon's trustedness would carry over. If not specified, the local address check is performed again. --- src/simplewallet/simplewallet.cpp | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp index 397614328..4acf30b27 100644 --- a/src/simplewallet/simplewallet.cpp +++ b/src/simplewallet/simplewallet.cpp @@ -2028,7 +2028,7 @@ simple_wallet::simple_wallet() tr("Stop mining in the daemon.")); m_cmd_binder.set_handler("set_daemon", boost::bind(&simple_wallet::set_daemon, this, _1), - tr("set_daemon [:]"), + tr("set_daemon [:] [trusted|untrusted]"), tr("Set another daemon to connect to.")); m_cmd_binder.set_handler("save_bc", boost::bind(&simple_wallet::save_bc, this, _1), @@ -3778,6 +3778,33 @@ bool simple_wallet::set_daemon(const std::vector& args) } LOCK_IDLE_SCOPE(); m_wallet->init(daemon_url); + + if (args.size() == 2) + { + if (args[1] == "trusted") + m_trusted_daemon = true; + else if (args[1] == "untrusted") + m_trusted_daemon = false; + else + { + fail_msg_writer() << tr("Expected trusted or untrusted, got ") << args[1] << ": assuming untrusted"; + m_trusted_daemon = false; + } + } + else + { + m_trusted_daemon = false; + try + { + if (tools::is_local_address(m_wallet->get_daemon_address())) + { + MINFO(tr("Daemon is local, assuming trusted")); + m_trusted_daemon = true; + } + } + catch (const std::exception &e) { } + } + success_msg_writer() << boost::format("Daemon set to %s, %s") % daemon_url % (*m_trusted_daemon ? tr("trusted") : tr("untrusted")); } else { fail_msg_writer() << tr("This does not seem to be a valid daemon URL."); } From 941a608d52ce74eaad2c4c7dc49a8571111081bb Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Tue, 5 Jun 2018 11:32:35 +0100 Subject: [PATCH 2/3] util: consider Tor/I2P addresses to be non local --- src/common/util.cpp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/common/util.cpp b/src/common/util.cpp index 7e77e19b1..d17d24928 100644 --- a/src/common/util.cpp +++ b/src/common/util.cpp @@ -657,6 +657,13 @@ std::string get_nix_version_display_string() bool is_local_address(const std::string &address) { + // always assume Tor/I2P addresses to be untrusted by default + if (boost::ends_with(address, ".onion") || boost::ends_with(address, ".i2p")) + { + MDEBUG("Address '" << address << "' is Tor/I2P, non local"); + return false; + } + // extract host epee::net_utils::http::url_content u_c; if (!epee::net_utils::parse_url(address, u_c)) From 2b3357ee98a36bc2252e12d1e336eb9c5c7474f6 Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Tue, 5 Jun 2018 16:54:46 +0100 Subject: [PATCH 3/3] README: mention --untrusted-daemon when connecting the wallet to a daemon on a tor hidden service --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 4c3e9799a..aedf8efb1 100644 --- a/README.md +++ b/README.md @@ -546,6 +546,8 @@ setting the following configuration parameters and environment variables: as well. * Do NOT pass `--detach` when running through torsocks with systemd, (see [utils/systemd/monerod.service](utils/systemd/monerod.service) for details). +* If you use the wallet with a Tor daemon via the loopback IP (eg, 127.0.0.1:9050), + then use `--untrusted-daemon` unless it is your own hidden service. Example command line to start monerod through Tor: