[tor-relays] running Tor relay live with AddressSanitizer

Nick Mathewson nickm at freehaven.net
Wed Apr 16 00:43:04 UTC 2014

On Thu, Apr 10, 2014 at 11:53 PM,  <starlight.2014q2 at binnacle.cx> wrote:
> I updated the patch to
> 1) have AS close /proc
> 2) enable core dump files
> One should add
>    /proc /chroot_tor/proc none noauto,bind 0 0
> to /etc/fstab (note the 'noauto').
> Then the 'tor' startup script does a
>    mount /chroot_tor/proc
>      ...start tor
>    sleep 10
>    umount /chroot_tor/proc
> And it works like a charm.  'tor' starts
> up with full AddressSanitizer monitoring
> but with no pesky /proc file system
> available to potential attackers.
> Attached are the patch and the
>    /etc/rc.d/init.d/tor

I'm sold on integrating AddressSanitizer into Tor as a compile-time
option.  I've got a ticket for doing so #11477
(https://trac.torproject.org/projects/tor/ticket/11477).  I've
uploaded your patch there, and am looking into how to better integrate
it.  If you could make sure that the code _I_ have successfully builds
Tor with AddressSanitizer when you configure
--enable-compiler-hardening, that would rock.

(If you like sandboxes, and Linux, you might also like to try the
seccomp2 sandbox code, once Tor is out. It's present in
Tor, but it's kind of buggy.)

Also, see bug #11232
(https://trac.torproject.org/projects/tor/ticket/11232) for the stuff
I found running under AddressSanitizer and ubsan already.

best wishes,
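
Added example, not part of the original mail and not the init script attached to it: a sketch of the quoted mount / start / sleep / umount sequence as shell functions that also confirm the chroot's /proc is really unmounted afterwards, including when startup fails. `START_CMD`, `SETTLE_SECS`, `MOUNTS_FILE` and the function names are assumptions made for illustration; the chroot path and fstab entry are the ones from the quoted text.

```shell
#!/bin/sh
# Added example; not the init script attached to the original mail.
# Assumed: the chroot path and 'noauto' fstab bind entry from the mail.
# START_CMD is a placeholder for however tor is launched on your system.
PROC_DIR="${PROC_DIR:-/chroot_tor/proc}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/self/mounts}"
SETTLE_SECS="${SETTLE_SECS:-10}"   # the mail's 'sleep 10'

# Succeeds if $1 is listed as a mount point (field 2) in the mounts table.
is_mounted() {
    awk -v p="$1" '$2 == p { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# Unmount the chroot's /proc and confirm it is really gone.
drop_proc() {
    is_mounted "$PROC_DIR" || return 0
    umount "$PROC_DIR" || return 1
    ! is_mounted "$PROC_DIR"
}

# Returns 0 on success, 1 if mount or startup failed, 2 if /proc is stuck.
start_with_transient_proc() {
    is_mounted "$PROC_DIR" || mount "$PROC_DIR" || return 1
    if ! sh -c "$START_CMD"; then
        drop_proc          # never leave /proc exposed after a failed start
        return 1
    fi
    sleep "$SETTLE_SECS"   # startup window during which /proc is available
    if ! drop_proc; then
        echo "WARNING: $PROC_DIR is still mounted" >&2
        return 2
    fi
    return 0
}
```

An init script would call `start_with_transient_proc` from its start action and treat return code 2 as a failure worth alerting on, since it means the bind mount outlived the startup window.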

