[tor-bugs] #7003 [Core Tor/Tor]: Wipe relay key material from memory on common crash conditions
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Dec 17 10:24:09 UTC 2016
#7003: Wipe relay key material from memory on common crash conditions
-------------------------------------------------+-------------------------
Reporter: mikeperry | Owner:
Type: enhancement | Status: new
Priority: High | Milestone: Tor:
| unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: small-feature, tor-relay, intro, | Actual Points:
tor-03-unspecified-201612 |
Parent ID: #5456 | Points: medium
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
How much sensitive material is there? Just a shot in the dark, but perhaps
the material could be encrypted in order to keep the amount of time it's
decrypted very short, so all it takes is wiping the master key from memory
to make the rest of the encrypted sensitive material in memory unreadable.
When the process is in an undefined state (according to POSIX, `SIGSEGV`
not induced by `raise(3)` or `kill(2)` puts a process in such a state), it
would be much easier for it to wipe a single page than it would be to find
and wipe a time-varying amount of memory in multiple locations.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7003#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list