[tor-bugs] #7003 [Tor Relay]: Wipe relay keys on common crash conditions
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Oct 1 02:16:05 UTC 2012
#7003: Wipe relay keys on common crash conditions
---------------------------------------------+------------------------------
 Reporter:  mikeperry                        |         Owner:
     Type:  enhancement                      |        Status:  new
 Priority:  major                            |     Milestone:  Tor: 0.2.4.x-final
Component:  Tor Relay                        |       Version:
 Keywords:  MikePerry201212, small-feature   |        Parent:  #5456
   Points:                                   |  Actualpoints:
---------------------------------------------+------------------------------
Tor should wipe key material before common crash conditions, to avoid key
material leak in the case where relay operators have otherwise taken steps
to keep key material off of disk.

There are two vectors towards obtaining key material after crash: core
files, and large mmap attempts by other users' processes.

It turns out many OS kernels do not provide ways to defend against the
latter case. Therefore, tor should attempt to wipe sensitive key material
on atexit, SIGSEGV, SIGBUS, tor_assert() and other common exit conditions.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7003>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
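
The wiping the ticket asks for, as an added example in C that is not Tor's code: `relay_key`, `secure_wipe`, `crash_handler`, `install_wipe_hooks` and `key_is_wiped` are hypothetical names, and SIGABRT is assumed to stand in for the abort() path of a failed assertion. It covers only a key held in one known buffer, not copies made elsewhere in the process.

```c
#include <signal.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a relay's in-memory secret key. */
static unsigned char relay_key[32];

/* Volatile byte loop: the stores cannot be elided as dead writes, and it
 * calls no library function, so it is safe inside a signal handler. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Registered with atexit(): runs on exit() and on return from main(). */
static void wipe_keys(void) {
    secure_wipe(relay_key, sizeof relay_key);
}

/* Fatal-signal path: wipe first, then restore the default action and
 * re-raise, so the process still dies (and may dump core) without keys. */
static void crash_handler(int sig) {
    wipe_keys();
    signal(sig, SIG_DFL);
    raise(sig);
}

/* Returns 0 if every hook was installed, -1 otherwise (SIGABRT: assumed). */
static int install_wipe_hooks(void) {
    static const int sigs[] = { SIGSEGV, SIGBUS, SIGABRT };
    if (atexit(wipe_keys) != 0) return -1;
    for (size_t i = 0; i < sizeof sigs / sizeof sigs[0]; i++)
        if (signal(sigs[i], crash_handler) == SIG_ERR) return -1;
    return 0;
}

/* Returns 1 when no nonzero key byte is left in the buffer. */
static int key_is_wiped(void) {
    unsigned char acc = 0;
    for (size_t i = 0; i < sizeof relay_key; i++) acc |= relay_key[i];
    return acc == 0;
}

int main(void) {
    memset(relay_key, 0xA5, sizeof relay_key); /* constructed key bytes */
    return install_wipe_hooks() == 0 ? 0 : 1;  /* atexit hook wipes on return */
}
```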