[tor-bugs] #2695 [Tor bundles/installation]: Private data leak in 0.2.2 debs

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Mar 9 22:56:50 UTC 2011


#2695: Private data leak in 0.2.2 debs
--------------------------------------+-------------------------------------
 Reporter:  arma                      |          Owner:  weasel
     Type:  defect                    |         Status:  new   
 Priority:  normal                    |      Milestone:        
Component:  Tor bundles/installation  |        Version:        
 Keywords:                            |         Parent:        
   Points:                            |   Actualpoints:        
--------------------------------------+-------------------------------------
 In our Tor 0.2.2 debs, we enable cores by default:
 {{{
 #
 # Comment this out if you do not want to get coredumps
 #
 ulimit -c unlimited
 }}}

 But most users don't know about this setting, so they accrue core files in
 their $datadir. These core files could include keys, relay cell payloads,
 buffer contents, etc.

 We should turn this feature off by default.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2695>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list