update connectivity
parent
4a6916732e
commit
98ae59700e
|
@ -10,7 +10,7 @@ package for managing the Tor daemon and setting up and tearing down onion
|
|||
|
||||
### Private Key Exposure to the Tor Process
|
||||
|
||||
**Status: Unmitigated** (Requires Physical Access or Privilege Escalation to
|
||||
**Status: Partially Mitigated** (Requires Physical Access or Privilege Escalation to
|
||||
exploit)
|
||||
|
||||
We must pass the private key of any onion service we wish to set up to the
|
||||
|
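Review bot: The new status line "**Status: Partially Mitigated**" does not say which part of the exposure is now covered and which part remains, so a reader cannot tell what the residual risk is. Suggest adding a short clause, or a pointer to the mitigations text further down, that names what is still open, since the paragraph that follows still states that the private key must be passed to the Tor process.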
@ -19,13 +19,14 @@ process). This is one of the most critical areas that is outside of our
|
|||
control. Any binding to a rouge tor process or binary will result in
|
||||
compromise of the Onion private key.
|
||||
|
||||
#### Potential Mitigations
|
||||
### Mitigations
|
||||
|
||||
We should not attempt to bind to the system-provided Tor process as the default,
|
||||
unless we have been provided with an authentication token.
|
||||
Connectivity attempt to bind to the system-provided Tor process as the default,
|
||||
*only* when it has been provided with an authentication token.
|
||||
|
||||
Otherwise we should always attempt to deploy our own Tor process using a known
|
||||
good binary packaged with the syste (outside of the scope of the connectivity
|
||||
Otherwise connectivity always attempts to deploy its own Tor process
|
||||
using a known
|
||||
good binary packaged with the system (outside of the scope of the connectivity
|
||||
package)
|
||||
|
||||
In the long term we hope an integrated library will become available and allow
|
||||
|
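Review bot: The replacement sentence "Connectivity attempt to bind to the system-provided Tor process as the default, *only* when it has been provided with an authentication token." is ungrammatical and reads two ways ("as the default" against "*only* when"); suggest "Connectivity attempts to bind to the system-provided Tor process *only* when it has been provided with an authentication token." The section should also say why holding an authentication token is sufficient, given that the context line above it states that any binding to a rogue Tor process or binary compromises the onion private key. Smaller points: the heading goes from "#### Potential Mitigations" to "### Mitigations", which places it at the same level as "### Private Key Exposure to the Tor Process" instead of beneath it; "rouge" in the context line should be "rogue"; and the split across "Otherwise connectivity always attempts to deploy its own Tor process" and "using a known" can be rewrapped.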
@ -50,8 +51,6 @@ the Tor process changes.
|
|||
However, if sufficiently-privileged users wish they can interfere with this
|
||||
mechanism, and as such the Tor process is a more brittle component
|
||||
interaction than others.
|
||||
|
||||
These mechanisms need to be documented.
|
||||
|
||||
## Testing Status
|
||||
|
||||
|
|
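Review bot: The hunk header shrinks from 8 lines to 6 and "These mechanisms need to be documented." appears to be the sentence being dropped, yet nothing in this hunk adds the documentation that sentence asked for. Either describe the mechanisms here (the preceding lines only say that sufficiently-privileged users can interfere with them) or keep the sentence until that text exists, so the open item is not lost.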