[tor-bugs] #3313 [Tor Client]: Security enhancement against malware for Tor
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Dec 19 05:13:18 UTC 2011
#3313: Security enhancement against malware for Tor
----------------------------+-----------------------------------------------
Reporter: ioerror | Owner: ioerror
Type: enhancement | Status: reopened
Priority: major | Milestone: Tor: unspecified
Component: Tor Client | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
----------------------------+-----------------------------------------------
Comment(by atagar):
> Right - so in essence we get all the security features we want, we look
> at /proc/net/tcp for a reasonable guess and on Debian systems or any
> systems with a dedicated uid, we're pretty much certain.
Yup. I'll probably check if the uid belongs to debian-tor and, if not,
give a warning about possible bad data in the connection panel since
custom setups are more likely to have non-dedicated users.
Is there anything tor could check to see if the kernel already has ptrace
protections built in and, if so, not do it ourselves? This would mean that
on Ubuntu or other platforms with ptrace disabling built in arm would work
normally (between that and our workaround I'd be happy to call this good).
> Using these tools as an API is not stable. What if the OS had changed
> this?
I know, more than any of us, just how unstable these utilities are. I've
spent months making them work on Debian, Ubuntu, Gentoo, OSX, FreeBSD,
OpenBSD, and others, some of them with some damn strange quirks. For
instance on OpenBSD the ps variant shows a process' uptime in...
- in local time
- with AM/PM rather than 24 hour time
- the whole f*ing format changes based on if the uptime is over a day or
  not
... in the end I decided that one was simply unparseable. I agree that ps,
netstat, and other system commands are, in git terminology, porcelain.
Proc contents tend to be more stable but don't exist in the BSD family. If
I could get the data I need from tor then great. My use of system commands
is simply because they both work well enough in practice and don't
require developing in C (something I find about as appealing as an
unanesthetized root canal).
Cheers! -Damian
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3313#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
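
The /proc/net/tcp lookup by uid discussed in this comment, as an added example that is not part of the original message and is not arm's code. The sample table, uid 107, the addresses and all function names are constructed for illustration, and a little-endian host is assumed.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# uid 107 stands in for a dedicated tor account such as debian-tor.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:235A 00000000:0000 0A 00000000:00000000 00:00000000 00000000   107        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:C350 0158A8C0:01BB 01 00000000:00000000 00:00000000 00000000   107        0 22222 1 0000000000000000 20 4 30 10 -1
   2: 0A00000A:D431 0258A8C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""

ESTABLISHED = 0x01  # value of the "st" column for an established socket


def decode_endpoint(field):
    """Convert 'HEXADDR:HEXPORT' into (dotted_quad, port)."""
    addr_hex, port_hex = field.split(":")
    # The IPv4 address is printed as a host-order 32-bit word
    # (little-endian assumed here); the port is plain hex.
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def connections_for_uid(table, uid):
    """Return established (local, remote) endpoint pairs owned by uid."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue  # short or malformed row
        if int(cols[7]) != uid or int(cols[3], 16) != ESTABLISHED:
            continue
        found.append((decode_endpoint(cols[1]), decode_endpoint(cols[2])))
    return found


def owner_warning(username, dedicated="debian-tor"):
    """Return a warning string when the uid is not the dedicated tor account."""
    if username == dedicated:
        return None
    return "uid %r may be shared, connection list can contain non-tor sockets" % username


if __name__ == "__main__":
    for local, remote in connections_for_uid(SAMPLE, 107):
        print("%s:%d -> %s:%d" % (local + remote))
    print(owner_warning("alice"))
```

On a live Linux host the same functions can be fed the contents of /proc/net/tcp and the user name resolved with `pwd.getpwuid()`.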