On Thu, Apr 10, 2014 at 11:53 PM, starlight.2014q2@binnacle.cx wrote:
I updated the patch to:
  - have AS close /proc
  - enable core dump files
One should add

    /proc /chroot_tor/proc none noauto,bind 0 0

to /etc/fstab (note the 'noauto'). Then the 'tor' startup script does a

    mount /chroot_tor/proc
    ...start tor
    sleep 10
    umount /chroot_tor/proc
And it works like a charm. 'tor' starts up with full AddressSanitizer monitoring but with no pesky /proc file system available to potential attackers.
Attached are the patch and the /etc/rc.d/init.d/tor
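The mount-for-startup-only sequence above, as an added example that is not the patch or init script attached to the message. It assumes the chroot lives at /chroot_tor with the tor binary at /usr/bin/tor inside it, and adds two checks a deployer would want: that the fstab entry really carries 'noauto' (so /proc is never bind-mounted at boot) and that the mount is gone once tor is up.

```shell
#!/bin/sh
# Added example: bind-mount /proc into the tor chroot only for the startup window.
CHROOT=/chroot_tor      # assumed chroot location

# Return 0 if an fstab line mounts $CHROOT/proc with both 'bind' and 'noauto',
# i.e. the bind mount is defined but will not be mounted automatically at boot.
fstab_line_ok() {
    set -- $1                                  # split the line into its fields
    [ "$2" = "$CHROOT/proc" ] || return 1
    case ",$4," in *,noauto,*) ;; *) return 1 ;; esac
    case ",$4," in *,bind,*) return 0 ;; *) return 1 ;; esac
}

# Return 0 if $CHROOT/proc appears as a mount point in a listing given in
# /proc/self/mounts format (passed as text so it can also be checked offline).
chroot_proc_mounted() {
    printf '%s\n' "$1" | awk -v mp="$CHROOT/proc" '$2 == mp { found = 1 } END { exit !found }'
}

# Start tor with /proc visible only while it initialises; AddressSanitizer
# consults /proc (e.g. /proc/self/maps) at startup, after which the patched
# runtime closes it and the mount is removed so nothing in the chroot can reach it.
start_tor() {
    mount "$CHROOT/proc" || return 1           # relies on the noauto fstab entry
    chroot "$CHROOT" /usr/bin/tor "$@"         # assumed path inside the chroot
    sleep 10
    umount "$CHROOT/proc" || return 1
    # Confirm the window really closed before reporting success.
    if chroot_proc_mounted "$(cat /proc/self/mounts)"; then
        echo "warning: $CHROOT/proc is still mounted" >&2
        return 1
    fi
    return 0
}
```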
I'm sold on integrating AddressSanitizer into Tor as a compile-time option. I've got a ticket for doing so #11477 (https://trac.torproject.org/projects/tor/ticket/11477). I've uploaded your patch there, and am looking into how to better integrate it. If you could make sure that the code _I_ have successfully builds Tor with AddressSanitizer when you configure --enable-compiler-hardening, that would rock.
(If you like sandboxes, and Linux, you might also like to try the seccomp2 sandbox code, once Tor 0.2.5.4-alpha is out. It's present in Tor 0.2.5.3-alpha, but it's kind of buggy.)
Also, see bug #11232 (https://trac.torproject.org/projects/tor/ticket/11232) for the stuff I found running under AddressSanitizer and ubsan already.
best wishes,