Warn if HSes are configured on a client with UseEntryGuards disabled

changes/warn-about-hses-without-guards

@@ -0,0 +1,8 @@
+  o Minor features:
+
+    - Warn users who run hidden services on a Tor client with
+      UseEntryGuards disabled that their hidden services will be
+      vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the
+      attack which motivated Tor to support entry guards in the first
+      place).  Fixes bug 6889.
+

src/or/config.c

@@ -2536,6 +2536,15 @@ options_validate(or_options_t *old_options, or_options_t *options,
     options->UseEntryGuards = 0;
   }
 
+  if (!(options->UseEntryGuards) &&
+      (options->RendConfigLines != NULL)) {
+    log_warn(LD_CONFIG,
+	     "UseEntryGuards is disabled, but you have configured one or more "
+	     "hidden services on this Tor instance.  Your hidden services "
+	     "will be very easy to locate using a well-known attack -- see "
+	     "http://freehaven.net/anonbib/#hs-attack06 for details.");
+  }
+
   if (!(options->LearnCircuitBuildTimeout) &&
         options->CircuitBuildTimeout < RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT) {
     log_warn(LD_CONFIG,