update connectivity
parent
4a6916732e
commit
98ae59700e
|
@ -10,7 +10,7 @@ package for managing the Tor daemon and setting up and tearing down onion
|
||||||
|
|
||||||
### Private Key Exposure to the Tor Process
|
### Private Key Exposure to the Tor Process
|
||||||
|
|
||||||
**Status: Unmitigated** (Requires Physical Access or Privilege Escalation to
|
**Status: Partially Mitigated** (Requires Physical Access or Privilege Escalation to
|
||||||
exploit)
|
exploit)
|
||||||
|
|
||||||
We must pass the private key of any onion service we wish to set up to the
|
We must pass the private key of any onion service we wish to set up to the
|
||||||
|
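Review bot: The status line now reads "Partially Mitigated" but keeps the same parenthetical and does not say which part of the exposure is mitigated and which part remains. The unchanged sentence below it still states that the private key must be passed to the Tor process, so consider adding one sentence that names the residual risk, or pointing at the Mitigations section so a reader can tell what the new status is based on.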
@ -19,13 +19,14 @@ process). This is one of the most critical areas that is outside of our
|
||||||
control. Any binding to a rouge tor process or binary will result in
|
control. Any binding to a rouge tor process or binary will result in
|
||||||
compromise of the Onion private key.
|
compromise of the Onion private key.
|
||||||
|
|
||||||
#### Potential Mitigations
|
### Mitigations
|
||||||
|
|
||||||
We should not attempt to bind to the system-provided Tor process as the default,
|
Connectivity attempt to bind to the system-provided Tor process as the default,
|
||||||
unless we have been provided with an authentication token.
|
*only* when it has been provided with an authentication token.
|
||||||
|
|
||||||
Otherwise we should always attempt to deploy our own Tor process using a known
|
Otherwise connectivity always attempts to deploy its own Tor process
|
||||||
good binary packaged with the syste (outside of the scope of the connectivity
|
using a known
|
||||||
|
good binary packaged with the system (outside of the scope of the connectivity
|
||||||
package)
|
package)
|
||||||
|
|
||||||
In the long term we hope an integrated library will become available and allow
|
In the long term we hope an integrated library will become available and allow
|
||||||
|
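Review bot: The rewritten sentence "Connectivity attempt to bind to the system-provided Tor process as the default, *only* when it has been provided with an authentication token" is ambiguous, because "as the default" and "*only* when" pull in opposite directions and the clear "should not ... unless" of the removed text is lost. Something like "Connectivity attempts to bind to the system-provided Tor process only when it has been provided with an authentication token" would state the condition unambiguously and also fix "attempt". Separately, the heading change from "####" to "###" makes "Mitigations" a sibling of "Private Key Exposure to the Tor Process" rather than a subsection of it, which looks unintended. The context line "Any binding to a rouge tor process" should read "rogue", and the new "using a known" line is wrapped short and could be rejoined with its neighbours.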
@ -50,8 +51,6 @@ the Tor process changes.
|
||||||
However, if sufficiently-privileged users wish they can interfere with this
|
However, if sufficiently-privileged users wish they can interfere with this
|
||||||
mechanism, and as such the Tor process is a more brittle component
|
mechanism, and as such the Tor process is a more brittle component
|
||||||
interaction than others.
|
interaction than others.
|
||||||
|
|
||||||
These mechanisms need to be documented.
|
|
||||||
|
|
||||||
## Testing Status
|
## Testing Status
|
||||||
|
|
||||||
|
|
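Review bot: The removal of "These mechanisms need to be documented." is not matched by any added documentation in the visible lines of this commit. If the mechanisms are now documented elsewhere, link to that from this paragraph; otherwise keep the sentence, or track it in an issue, so the gap stays visible to readers of the threat model.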