Re: [tor-bugs] #22962 [Core Tor/Tor]: Clarify the security severity of issues that make denial of service easier
#22962: Clarify the security severity of issues that make denial of service easier
--------------------------+------------------------------------
Reporter: teor | Owner: nickm
Type: task | Status: accepted
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: docs policy | Actual Points:
Parent ID: #22948 | Points:
Reviewer: | Sponsor: SponsorV
--------------------------+------------------------------------
Comment (by nickm):
I think we should follow the lead of OpenSSL, and split "HIGH" into "HIGH"
and "CRITICAL".
Here's my back-of-the-envelope attempt to do the division, of the
categories currently in "HIGH".
These should be "HIGH":
 * Any remote crash attack against hidden services. (This includes
   unfreed memory and other resource exhaustion attacks that can lead to
   denial-of-service.)
 * Any memory-disclosure vulnerability.
These should be "CRITICAL":
 * Any bug that can remotely cause clients to de-anonymize themselves.
 * Any remote code-execution vulnerability.
 * Any bug that allows impersonation of a relay. (If someone accesses a
   relay's keys, and it's not due to a bug in tor, we deal with that through
   the bad-relays process.)
 * Any bug that lets non-exit relays get at user plaintext.
 * Any privilege escalation from a Tor user to the higher-privileged user
   that started the Tor process. (For example, if Tor is started by root and
   told to drop privileges with the User flag, any ability to regain root
   privileges would be high-severity.)
And I think we should be more explicit that we may revise severities
upwards or downwards depending on specifics of the issue.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22962#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs