[tor-relays] running Tor relay live with AddressSanitizer

Nick Mathewson nickm at freehaven.net
Wed Apr 16 00:43:04 UTC 2014


On Thu, Apr 10, 2014 at 11:53 PM,  <starlight.2014q2 at binnacle.cx> wrote:
> I updated the patch to
>
> 1) have AS close /proc
>
> 2) enable core dump files
>
> One should add
>
>    /proc /chroot_tor/proc none noauto,bind 0 0
>
> to /etc/fstab (note the 'noauto').
> Then the 'tor' startup script does a
>
>    mount /chroot_tor/proc
>      ...start tor
>    sleep 10
>    umount /chroot_tor/proc
>
> And it works like a charm.  'tor' starts
> up with full AddressSanitizer monitoring
> but with no pesky /proc file system
> available to potential attackers.
>
> Attached are the patch and the
>    /etc/rc.d/init.d/tor

I'm sold on integrating AddressSanitizer into Tor as a compile-time
option.  I've got a ticket for doing so #11477
(https://trac.torproject.org/projects/tor/ticket/11477).  I've
uploaded your patch there, and am looking into how to better integrate
it.  If you could make sure that the code _I_ have successfully builds
Tor with AddressSanitizer when you configure
--enable-compiler-hardening, that would rock.

(If you like sandboxes, and Linux, you might also like to try the
seccomp2 sandbox code, once Tor 0.2.5.4-alpha is out. It's present in
Tor 0.2.5.3-alpha, but it's kind of buggy.)

Also, see bug #11232
(https://trac.torproject.org/projects/tor/ticket/11232) for the stuff
I found running under AddressSanitizer and ubsan already.

best wishes,
-- 
Nick

