[tor-bugs] #3313 [Tor Client]: Security enhancement against malware for Tor

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Dec 19 00:29:03 UTC 2011

#3313: Security enhancement against malware for Tor
    Reporter:  ioerror      |       Owner:  ioerror         
        Type:  enhancement  |      Status:  reopened        
    Priority:  major        |   Milestone:  Tor: unspecified
   Component:  Tor Client   |     Version:                  
  Resolution:               |    Keywords:                  
      Parent:               |      Points:                  
Actualpoints:               |  

Comment(by atagar):

 Little update from what ioerror and I have been discussing on irc. We have
 a partial workaround that limits the impact on arm - since we still have
 netstat results I can filter on the uid of the tor owner rather than the
 pid. This has the obvious disadvantage that it may be overly inclusive if
 tor isn't run under a dedicated user, but should be fine for the deb use

 I'm not sure how this will work for BSD platforms because neither netstat
 nor proc contents are available there. That said, I'm not sure if this
 feature effects lsof/sockstat/procstat at all on that platform so it may
 not be an issue.


 PS. Sorry for flagging this as a blocker. I didn't realize that we
 reserved that status for critical security issues. At work it just means
 that it needs someone to look at it before final release.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3313#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list