[tor-bugs] #8933 [Company]: Do a security audit of Onion Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 24 15:03:37 UTC 2013
#8933: Do a security audit of Onion Browser
---------------------+------------------------------------------------------
Reporter: mttp | Owner:
Type: project | Status: new
Priority: normal | Milestone:
Component: Company | Version:
Keywords: | Parent: #5895
Points: | Actualpoints:
---------------------+------------------------------------------------------
Changes (by mtigas):
* cc: mike@… (added)
Comment:
Hey all, totally willing to assist you guys if you find the person/time to
do this.
The only actual patches to tor src are documented: [1][2]
Mostly, I’m concerned in issues with the actual architecture of the app —
the app itself is a massive hack in which iOS app runs Tor as a thread
within the same process (a way to bypass the fact that non-jailbroken iOS
apps cannot execute subprocesses). (Some details are mentioned in [1].)
Still not 100% sure as to what weaknesses this possibly allows, but that's
something I'd love to have looked at.
[1]: https://github.com/mtigas/iOS-
OnionBrowser/blob/master/README.markdown#technical-notes
[2]: https://github.com/mtigas/iOS-OnionBrowser/tree/master/build-patches
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8933#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list