[tor-bugs] #3313 [Tor Client]: Security enhancement against malware for Tor
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Dec 19 00:29:03 UTC 2011
#3313: Security enhancement against malware for Tor
----------------------------+-----------------------------------------------
Reporter: ioerror | Owner: ioerror
Type: enhancement | Status: reopened
Priority: major | Milestone: Tor: unspecified
Component: Tor Client | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
----------------------------+-----------------------------------------------
Comment(by atagar):
Little update from what ioerror and I have been discussing on irc. We have
a partial workaround that limits the impact on arm - since we still have
netstat results I can filter on the uid of the tor owner rather than the
pid. This has the obvious disadvantage that it may be overly inclusive if
tor isn't run under a dedicated user, but should be fine for the deb use
case.
I'm not sure how this will work for BSD platforms because neither netstat
nor proc contents are available there. That said, I'm not sure if this
feature effects lsof/sockstat/procstat at all on that platform so it may
not be an issue.
-Damian
PS. Sorry for flagging this as a blocker. I didn't realize that we
reserved that status for critical security issues. At work it just means
that it needs someone to look at it before final release.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3313#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list