[tor-relays] running Tor relay live with AddressSanitizer
nickm at freehaven.net
Wed Apr 16 00:43:04 UTC 2014
On Thu, Apr 10, 2014 at 11:53 PM, <starlight.2014q2 at binnacle.cx> wrote:
> I updated the patch to
> 1) have AS close /proc
> 2) enable core dump files
> One should add
> /proc /chroot_tor/proc none noauto,bind 0 0
> to /etc/fstab (note the 'noauto').
> Then the 'tor' startup script does a
> mount /chroot_tor/proc
> ...start tor
> sleep 10
> umount /chroot_tor/proc
> And it works like a charm. 'tor' starts
> up with full AddressSanitizer monitoring
> but with no pesky /proc file system
> available to potential attackers.
> Attached are the patch and the
I'm sold on integrating AddressSanitizer into Tor as a compile-time
option. I've got a ticket for doing so #11477
uploaded your patch there, and am looking into how to better integrate
it. If you could make sure that the code _I_ have successfully builds
Tor with AddressSanitizer when you configure
--enable-compiler-hardening, that would rock.
(If you like sandboxes, and Linux, you might also like to try the
seccomp2 sandbox code, once Tor 0.2.5.4-alpha is out. It's present in
Tor 0.2.5.3-alpha, but it's kind of buggy.)
Also, see bug #11232
(https://trac.torproject.org/projects/tor/ticket/11232) for the stuff
I found running under AddressSanitizer and ubsan already.
More information about the tor-relays