[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] running Tor relay live with AddressSanitizer

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] running Tor relay live with AddressSanitizer
From: starlight.2013q4@xxxxxxxxxxx
Date: Thu, 31 Oct 2013 15:04:14 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 31 Oct 2013 15:37:15 -0400
In-reply-to: <6.2.5.6.2.20131024180041.03a9ade8@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <6.2.5.6.2.20131024180041.03a9ade8@xxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

At 18:14 10/24/2013 -0400, starlight.2013q4@xxxxxxxxxxx wrote:
>Has anyone tried running a live relay with
>an image built using GCC 4.8 and
>-fsanitize=address?

Took an initial jab at it by compiling
just 'tor' with

CFLAGS = -g -O1 -D_FORTIFY_SOURCE=2 -fstack-protector-all -Wstack-protector -fwrapv --param ssp-buffer-size=1 -fPIE -Wall -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer

where the modified or added flags are are

-O1 -fsanitize=address -fno-omit-frame-pointer

Fired it up and is looking good so far. CPU
consumption quite reasonable at below 10%,
though the relay is capped at 350 Kbytes/sec
(while spiking to 500+ on a regular basis).
CPU hardly seems to have increased at all.
Memory consumption is, of course, up
substantially with 'tor' swallowing 40%
of the available 2G.

Patched

src/common/util.c:finish_daemon()

to direct stdout/stderr to out/err.tor.
If AS traps-out a violation the reported
details will be captured.

Had to add

libasan.so.0 -> libasan.so.0.0.0
libasan.so.0.0.0
libstdc++.so.6 -> libstdc++.so.6.0.18
libstdc++.so.6.0.18

to the 'chroot' jail. Surprised to
see that AS has C++ elements.

Unfortunately AS requires

/proc/self

for access to address-space map files so

mount -o bind /proc /chroot_tor/proc

is required, increasing the kernel and local
process attack-surface substantially. Salved the
pain with

echo "1" >/proc/sys/kernel/modules_disabled

'tor' is running on a box dedicated to
routing and has no need for loading modules
after boot completes.

-----

Since it works well I'll probably look at
compiling other components with AS in a couple
of weeks. Those would primarily be

openssl
libevent
zlib

Though a ball-of-yarn dimension exists in that
one should probably also look into compiling

glibc

with AS as well--a nightmare I suspect.

Hopefully applying AS to the 'tor' daemon
has enhanced trip-wiring of much of the
available the attack surface. Looking
forward to running with the upcoming
'seccomp' sandbox.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] running Tor relay live with AddressSanitizer
  - From: starlight . 2013q4

Prev by Author: Re: [tor-relays] "stable" flag voting differences
Next by Author: [tor-relays] Cisco ASA
Previous by thread: [tor-relays] running Tor relay live with AddressSanitizer
Next by thread: [tor-relays] Advice on dealing with ISP's response to DMCA takedown notice.
Index(es):
- Author
- Thread