[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #28332 [Core Tor/Nyx]: Nyx configurashion editor reproducibly crashes if custom ordering is set
#28332: Nyx configurashion editor reproducibly crashes if custom ordering is set
--------------------------+------------------------------
Reporter: wagon | Owner: atagar
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: Core Tor/Nyx | Version: Tor: 0.3.4.9
Severity: Normal | Resolution: duplicate
Keywords: config | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------
Comment (by wagon):
> it wouldn't exploit root since `nyx` does not need to be installed to
`/usr`
Then it cannot find Stem:
{{{
$ pip3 list | grep stem
stem (1.7.0-dev)
$ ./run_nyx --help
Traceback (most recent call last):
File "./run_nyx", line 7, in <module>
import nyx
File "[/path/to]/nyx/nyx/__init__.py", line 54, in <module>
import stem
ImportError: No module named stem
}}}
> If a meanie snagged my trac password, exploited the Tor git repository
(to circumvent the https), and MITM your connection you're completely
right - someone could do something nasty. But this is both requires the
exploitation of multiple core Tor systems (in which case honestly your
system is the least of our worries)
There is good security practice: sign your code. It is much simpler than
thinking about possible ways of exploitation.
> if you're still worried I can pgp sign this message later.
I am not hurry with this. Please, sign it when you will have time.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28332#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs