[tor-relays] running Tor relay live with AddressSanitizer
starlight.2013q4 at binnacle.cx
starlight.2013q4 at binnacle.cx
Thu Oct 31 20:04:14 UTC 2013
At 18:14 10/24/2013 -0400, starlight.2013q4 at binnacle.cx wrote:
>Has anyone tried running a live relay with
>an image built using GCC 4.8 and
>-fsanitize=address?
Took an initial jab at it by compiling
just 'tor' with
CFLAGS = -g -O1 -D_FORTIFY_SOURCE=2 -fstack-protector-all -Wstack-protector -fwrapv --param ssp-buffer-size=1 -fPIE -Wall -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer
where the modified or added flags are are
-O1 -fsanitize=address -fno-omit-frame-pointer
Fired it up and is looking good so far. CPU
consumption quite reasonable at below 10%,
though the relay is capped at 350 Kbytes/sec
(while spiking to 500+ on a regular basis).
CPU hardly seems to have increased at all.
Memory consumption is, of course, up
substantially with 'tor' swallowing 40%
of the available 2G.
Patched
src/common/util.c:finish_daemon()
to direct stdout/stderr to out/err.tor.
If AS traps-out a violation the reported
details will be captured.
Had to add
libasan.so.0 -> libasan.so.0.0.0
libasan.so.0.0.0
libstdc++.so.6 -> libstdc++.so.6.0.18
libstdc++.so.6.0.18
to the 'chroot' jail. Surprised to
see that AS has C++ elements.
Unfortunately AS requires
/proc/self
for access to address-space map files so
mount -o bind /proc /chroot_tor/proc
is required, increasing the kernel and local
process attack-surface substantially. Salved the
pain with
echo "1" >/proc/sys/kernel/modules_disabled
'tor' is running on a box dedicated to
routing and has no need for loading modules
after boot completes.
-----
Since it works well I'll probably look at
compiling other components with AS in a couple
of weeks. Those would primarily be
openssl
libevent
zlib
Though a ball-of-yarn dimension exists in that
one should probably also look into compiling
glibc
with AS as well--a nightmare I suspect.
Hopefully applying AS to the 'tor' daemon
has enhanced trip-wiring of much of the
available the attack surface. Looking
forward to running with the upcoming
'seccomp' sandbox.
More information about the tor-relays
mailing list