[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #8289 [Tor bundles/installation]: check hashes of files we download against expected hash value
#8289: check hashes of files we download against expected hash value
--------------------------------------+-------------------------------------
Reporter: ioerror | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent: #8288
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Per #8283, we need to check the hash of each file we download against the
expected value. This should ensure that we never build without explicitly
approving each new version _and_ a hash for each new version. It will also
ensure that when an attacker tampers with the file on the remote server,
we will not attempt to build likely hostile source bundles or load hostile
extensions.
I think I'll just write a simple macro to check all of the hashes after
all the downloads complete. Does that seem like a reasonable approach?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8289>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs