[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #17852 [Tor]: Tor Daemon hardening



#17852: Tor Daemon hardening
--------------------------+------------------------
     Reporter:  jsturgix  |      Owner:
         Type:  defect    |     Status:  new
     Priority:  Medium    |  Milestone:
    Component:  Tor       |    Version:  Tor: 0.2.7
     Severity:  Normal    |   Keywords:
Actual Points:            |  Parent ID:
       Points:            |    Sponsor:
--------------------------+------------------------
 I ran FlawFinder (http://www.dwheeler.com/flawfinder/), a C static source
 code analyzer, against the Tor source, maint-0.2.7 branch.  FlawFinder
 reported the following results:

 Hits = 2348
 Lines analyzed = 239214 in 8.25 seconds (30879 lines/second)
 Physical Source Lines of Code (SLOC) = 171455
 Hits@level = [0]   0 [1] 760 [2] 1550 [3]  14 [4]  14 [5]  10
 Hits@level+ = [0+] 2348 [1+] 2348 [2+] 1588 [3+]  38 [4+]  24 [5+]  10
 Hits/KSLOC@level+ = [0+] 13.6946 [1+] 13.6946 [2+] 9.26191 [3+] 0.221632
 [4+] 0.139978 [5+] 0.0583243
 Dot directories skipped = 11 (--followdotdir overrides)
 Minimum risk level = 1
 Not every hit is necessarily a security vulnerability.
 There may be other security vulnerabilities; review your code!


 I manually reviewed all hits level 3+.  Most were false positives, but I
 did make several suggestions that can be found in my Tor repository
 (branch maint-0.2.7-codereview).


 https://github.com/sturgix/tor/tree/maint-0.2.7-codereview

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17852>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs