[tor-bugs] #7352 [Tor]: make defense-in-depth memsets work in spite of compilers

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 7 21:35:22 UTC 2012


#7352: make defense-in-depth memsets work in spite of compilers
--------------------------+-------------------------------------------------
 Reporter:  nickm_mobile  |          Owner:                    
     Type:  defect        |         Status:  needs_review      
 Priority:  major         |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor           |        Version:                    
 Keywords:  tor-relay     |         Parent:                    
   Points:                |   Actualpoints:                    
--------------------------+-------------------------------------------------

Comment(by nickm):

 Because people are probably going to get linked here, here's a description
 of the problem, its severity, and the solution:
 {{{
   o Major bugfixes:
     - Tor tries to wipe potentially sensitive data after using it, so
       that if some subsequent security failure exposes Tor's memory,
       the damage will be limited. But we had a bug where the compiler
       was eliminating these wipe operations when it decided that the
       memory was no longer visible to a (correctly running) program,
       hence defeating our attempt at defense in depth. We fix that
       by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
       is unlikely to optimize away. Future versions of Tor may use
       a less ridiculously heavy approach for this. Fixes bug 7352.
       Reported in an article by Andrey Karpov.
 }}}

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7352#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
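
The wipe pattern described in the changelog entry above, next to one common way to keep the wipe from being removed, as an added example that is not Tor's or OpenSSL's code (the ticket's own fix is OPENSSL_cleanse()). The names wipe_mem, count_nonzero, use_secret_weak and use_secret_wiped are hypothetical, the input bytes are constructed, and the volatile function pointer is a widely used idiom rather than a guarantee of the C standard.

```c
#include <stddef.h>
#include <string.h>

/* Call memset through a volatile function pointer. The pointer must be
 * loaded at run time, so the compiler cannot treat the call as a plain
 * memset with dead stores and delete it. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

/* wipe_mem is a hypothetical helper name for this example. */
void wipe_mem(void *p, size_t n)
{
    if (p != NULL && n > 0)
        memset_ptr(p, 0, n);
}

/* Count non-zero bytes via volatile reads, for checking a wipe. */
size_t count_nonzero(const void *p, size_t n)
{
    const volatile unsigned char *b = p;
    size_t i, c = 0;
    for (i = 0; i < n; i++)
        c += (b[i] != 0);
    return c;
}

/* Pattern from the ticket: key[] is never read after the memset, so
 * dead-store elimination may remove the wipe in an optimized build. */
unsigned use_secret_weak(const unsigned char *in, size_t n)
{
    unsigned char key[32];
    unsigned sum = 0;
    size_t i;
    if (in == NULL || n == 0)
        return 0;
    for (i = 0; i < sizeof key; i++) { key[i] = in[i % n]; sum += key[i]; }
    memset(key, 0, sizeof key);   /* candidate for elimination */
    return sum;
}

/* Same routine with the wipe routed through wipe_mem(). */
unsigned use_secret_wiped(const unsigned char *in, size_t n)
{
    unsigned char key[32];
    unsigned sum = 0;
    size_t i;
    if (in == NULL || n == 0)
        return 0;
    for (i = 0; i < sizeof key; i++) { key[i] = in[i % n]; sum += key[i]; }
    wipe_mem(key, sizeof key);    /* call survives optimization */
    return sum;
}
```

Both routines return the same value; the difference only shows in the generated code, where an optimized build of use_secret_weak may contain no store to key[] after the loop.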

