[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy
From: Robert Ransom <rransom.8774@xxxxxxxxx>
Date: Fri, 2 Mar 2012 05:19:25 +0000
Authentication-results: mr.google.com; spf=pass (google.com: domain of rransom.8774@xxxxxxxxx designates 10.50.41.170 as permitted sender) smtp.mail=rransom.8774@xxxxxxxxx; dkim=pass header.i=rransom.8774@xxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 02 Mar 2012 00:19:38 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=eJ1HHY1pHvDKHhlDmgU7DjAj56xqjmf5NGPaNo1Uv6Y=; b=RY2f1CP+Ax1a9I73DQyVPPx/OyNOJr1V27SMDBL4UIRiVlT1TsTI8tMtd7P0N3Wt91 LfxckCDkU3JIgiJv8zglC2qfLLxNU7Ux94tRl+XYjlDoKuTXIDq5RnERhZ1d5rMwnhtG gdilTbd99tTkofVwyLe4aNp4hEfCt0CLaJE7u10utOACPIixpdvOtzwi9zXdipU9oF+o dVvHjT+xDE27FMAKNWv7mf7sGIYY9Ckd83PuPvbjHFtCuVRE4yy1Zho5mU5MKCj+h/Mx fDdqTYBReqhVUARNmgwtlrL6gsUlz15Xh55nKbdVyFkCdXf+DfRGQSF8Z+IsLfxf2bqX hl4w==
In-reply-to: <20120301233139.57bf4701@kilik>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <dcb1ec7c2ca9c28497a15c64ce4ca021@xxxxxxxxxxxxxxxxxxxx> <20120301233139.57bf4701@kilik>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On 2012-03-02, Andrew Lewman <andrew@xxxxxxxxxxxxx> wrote:

> The trick is, I like to think I know what I'm doing and that I'll
> notice if apt-get or my VM image fails to transfer untouched. Whether
> I'll actually notice a sophisticated exploit in deb packages or my vm
> image modified in perfect way that gpg or sha256 hashes don't detect,
> remains to be seen. If I pulled a random person out of a barcamp and
> asked them to do a OS X or Windows update over transparently proxied
> tor, would they notice if the package was modified in transit? What do
> these OSes do in this case? What about freebsd ports?

Every FreeBSD port's list of distfiles includes hashes and sizes of
each distfile to be downloaded.  If I remember correctly, the only
required hash is SHA-256.

portsnap and freebsd-update reportedly use good, competently designed
crypto to verify the files they download before parsing them in a
shell script with (necessarily) root privileges.

portaudit downloads, ungzips and untars an unsigned file as root, then
parses a text file extracted from what was hopefully a tarball in a
shell script run (unnecessarily) as root.  Sucks to be a FreeBSD user.

But apt uses GPG (run with (necessarily) root privileges) to verify
the files it downloads.  Sucks to be a Debian user when someone finds
another code-exec bug in GPG's parsing code.

> Or other package
> systems? What about all of the other software that updates itself
> automagically without a system package manager?

This is a bigger risk to anonymity -- automatic update-related
operations run in the background on a transparent-proxied system can
link the traffic you intended to anonymize with properties of your
operating-system installation (e.g. on Debian, /etc/cron.daily/apt
leaks your system's time zone and the set of package repositories that
you install software from to your circuits' exit node(s)).  Windows
users are at much greater risk from this, because most people install
lots of crap software, thereby marking their systems (and thus their
Tor circuits) with a unique set of automatic updaters.

Of course, if you live in Iran, you're probably better off taking your
chances with exit-node roulette than downloading unsigned, unverified
updates directly through a known-malicious ISP.  Just don't expect
your transparently proxied traffic to stay anonymous.

Robert Ransom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy
  - From: Fabian Keil
- Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy
  - From: grarpamp
- Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy
  - From: proper

References:
- [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy
  - From: proper proper
- Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy
  - From: Andrew Lewman

Prev by Author: Re: [tor-talk] Orbot and firewall?
Next by Author: Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy
Previous by thread: Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy
Next by thread: Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy
Index(es):
- Author
- Thread