[tor-bugs] #30125 [Obfuscation/Snowflake]: Port server's log sanitization to client, broker, and proxy-go

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 11 22:18:03 UTC 2019 

#30125: Port server's log sanitization to client, broker, and proxy-go
-----------------------------------+------------------------------
 Reporter:  dcf                    |          Owner:  cohosh
     Type:  enhancement            |         Status:  needs_review
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:  Sponsor19
-----------------------------------+------------------------------

Comment (by dcf):

 The refactoring looks good. I have a few ideas about deployment to save us
 some trouble later. My main goal is that there should be a clean break
 between the old unsanitized logs and the new sanitized logs, so that we
 don't later have to trawl through a log file and figure out where the
 change happened. This is because I'd like us to extract what we need from
 the old logs and then delete them.

 For the bridge, those logs are being rotated and not saved long-term, so
 we don't need to do anything special.

 For the broker, it will be something like this:
 {{{
 sv stop snowflake-broker
 cd /var/log/snowflake-broker
 tar cf unsanitized.tar *.s current.20190322.xz current
 shred -n 1 -v -u *.s current.20190322.xz current
 # install the new /usr/local/bin/broker
 sv start snowflake-broker
 }}}

 For proxy-go, it will be similar, except that there are several /home
 /snowflake-proxy/*.log.d log directories. Also /home/snowflake-proxy
 /snowflake-proxy-*.log{,.xz} are unsanitized logs from before we started
 using runit log directories (happened in #28390).

 For the client, we'll need a Tor Browser ticket to pick up the upgrade. A
 sample ticket and patch that can serve as a template is #26795. I know you
 are interested in the reproducible build and this would be a good
 introduction to
 [[doc/TorBrowser/Hacking#BuildingOfficialTorBrowserReleaseBinaries|rbm]]
 if you haven't used it yet. Basically, you just need to edit
 projects/snowflake/config and update `git_hash`, then run `make testbuild`
 to make sure it still builds, then open a ticket in the Applications/Tor
 Browser component.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30125#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list