[tor-bugs] #8288 [Tor bundles/installation]: security, reliability and repeatability issues in the TBB build process

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 20 01:49:46 UTC 2013


#8288: security, reliability and repeatability issues in the TBB build process
--------------------------------------+-------------------------------------
 Reporter:  ioerror                   |          Owner:  erinn
     Type:  enhancement               |         Status:  new  
 Priority:  normal                    |      Milestone:       
Component:  Tor bundles/installation  |        Version:       
 Keywords:                            |         Parent:       
   Points:                            |   Actualpoints:       
--------------------------------------+-------------------------------------
 Currently when building TBB on any system, we open the builder up to
 compromise. We also open ourselves up to reliability issues as a mirror
 might vanish and leave us out in the cold.

 We rely on fetching software from servers that we do not control and in
 doing so, we use insecure transport mechanisms. Building TBB should not
 allow a local network attacker to get code execution on the builder's
 machine. I propose that we host at least one HTTPS mirror of the required
 source code. I've opened bug #8286 to discuss this topic and to propose
 patches. I believe this will make our build process more reliable as a
 third-party downed mirror will not prevent a build.

 We also do not verify that the dependencies for TBB are verified - if
 someone were to simply tamper with the remote server's archive, the
 builder would be in trouble. I've opened a ticket to add what I think
 should be the current expected hashes to the build process in bug #8283. I
 think it would also make sense to _check_ against the expected hashes. I
 may or may not open a separate bug for that issue - thoughts?

 The goal of being able to build TBB on OS X from a clean slate is
 currently being discussed in #8246 and I think it is a reasonable goal to
 try to work homebrew into the process. Homebrew ensures that a similar
 hash check is done on software before it installs the software. Thus we'll
 nearly have a totally trusted chain of tools and source code to build TBB
 on OS X. Later, I think we should ensure this is the same for all
 platforms.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8288>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
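
The check the ticket asks for (fetch only over HTTPS, then compare every fetched archive against a pinned hash before building) can be sketched as follows. This is an added example, not part of the ticket or of the TBB build scripts; the manifest format, the function names and the mirror.example URL are assumptions made for illustration.

```python
import hashlib
import hmac
from pathlib import Path
from urllib.parse import urlparse

# Assumed manifest format (not the TBB build's own), one pin per line:
#   <sha256-hex>  <https-url>
def parse_manifest(text):
    """Return {file name: (url, sha256)}; reject non-HTTPS URLs and bad digests."""
    pins = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {n}: expected '<sha256> <url>'")
        digest, url = parts[0].lower(), parts[1]
        parsed = urlparse(url)
        name = Path(parsed.path).name
        if parsed.scheme != "https":
            raise ValueError(f"line {n}: {url} is not fetched over HTTPS")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {n}: not a SHA-256 hex digest")
        if not name or name in pins:
            raise ValueError(f"line {n}: missing or duplicate file name")
        pins[name] = (url, digest)
    return pins

def sha256_file(path):
    """Hash a file in chunks so large source archives are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_sources(src_dir, pins):
    """Return a list of problems; an empty list means the build may proceed."""
    src_dir = Path(src_dir)
    problems = []
    for name, (_url, expected) in sorted(pins.items()):
        path = src_dir / name
        if not path.is_file():
            problems.append(f"{name}: missing")
        elif not hmac.compare_digest(sha256_file(path), expected):
            problems.append(f"{name}: sha256 mismatch")
    # Fail closed: an archive nobody pinned must not reach the build either.
    for path in sorted(src_dir.iterdir()):
        if path.is_file() and path.name not in pins:
            problems.append(f"{path.name}: not in manifest")
    return problems
```

A build wrapper would call verify_sources() after the fetch step and abort on any non-empty result, so a tampered, missing or unpinned archive stops the build before anything is unpacked or executed.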

