[tor-qa] Introducing hardened builds for 64bit Linux

Jurre van Bergen drwhax at 2600nl.net
Sat Oct 31 23:25:24 UTC 2015 


On 10/21/2015 02:54 PM, Georg Koppen wrote:
> Hi,
>
> we are about to start a hardened Tor Browser series and the first
> nightly for it is ready to get tested (on 64bit Linux systems):
>
> https://people.torproject.org/~gk/testbuilds/tor-browser-linux64-tbb-nightly-hardened_ALL.tar.xz
> https://people.torproject.org/~gk/testbuilds/tor-browser-linux64-tbb-nightly-hardened_ALL.tar.xz.asc
>
> Its major features are:
>
> 1) expensive hardening for tor (ASan, UBSan...)
> 2) ASan for the browser
> 3) the locales we ship/support are included in one bundle allowing to
> choose the locale for Tor Browser on start-up
>
> We plan to have something like 3) for the regular alpha and stable
> series in the (near) future as well. Thus, testing it and providing
> feedback is extra welcome.
>
>

I experience a crash of Tor when I try to go to a new generated tor
hidden service with just a default apache2 page from Debian Jessie.

I run Debian Jessie: Linux boardsofcanada 3.16.0-4-amd64 #1 SMP Debian
3.16.7-ckt11-1+deb8u4 (2015-09-19) x86_64 GNU/Linux

This happens everytime when I try to go to this URL.

Nov 01 00:12:30.000 [notice] Bootstrapped 85%: Finishing handshake with
first hop
Nov 01 00:12:30.000 [notice] New control connection opened from 127.0.0.1.
Nov 01 00:12:31.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Nov 01 00:12:31.000 [notice] Tor has successfully opened a circuit.
Looks like client functionality is working.
Nov 01 00:12:31.000 [notice] Bootstrapped 100%: Done
console.error:
  [CustomizableUI]
  Custom widget with id loop-button does not return a valid node
Nov 01 00:12:35.000 [notice] New control connection opened from 127.0.0.1.
Nov 01 00:12:35.000 [notice] New control connection opened from 127.0.0.1.
=================================================================
==15963==ERROR: AddressSanitizer: heap-use-after-free on address
0x60c0003fa4aa at pc 0x7f5804a9b94e bp 0x7ffcfe46a470 sp 0x7ffcfe46a468
READ of size 20 at 0x60c0003fa4aa thread T0
ASAN:SIGSEGV
==15963==AddressSanitizer: while reporting a bug found another one.
Ignoring.

More information about the tor-qa mailing list