Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/README | 7 | ||||
-rw-r--r-- | contrib/clang/sanitize_blacklist.txt | 92 | ||||
-rw-r--r-- | contrib/dist/tor.service.in | 45 | ||||
-rw-r--r-- | contrib/win32build/tor-mingw.nsi.in | 2 |
4 files changed, 128 insertions, 18 deletions
diff --git a/contrib/README b/contrib/README index 07c6f777d5..3a94bb5016 100644 --- a/contrib/README +++ b/contrib/README @@ -11,6 +11,13 @@ add-tor is an old script to manipulate the approved-routers file. nagios-check-tor-authority-cert is a nagios script to check when Tor authority certificates are expired or nearly expired. +clang/ -- Files for use with the clang compiler +----------------------------------------------- + +sanitize_blacklist.txt is used to build Tor with clang's dynamic +AddressSanitizer and UndefinedBehaviorSanitizer. It contains detailed +instructions on configuration, build, and testing with clang's sanitizers. + client-tools/ -- Tools for use with Tor clients ----------------------------------------------- diff --git a/contrib/clang/sanitize_blacklist.txt b/contrib/clang/sanitize_blacklist.txt new file mode 100644 index 0000000000..03d1e70f31 --- /dev/null +++ b/contrib/clang/sanitize_blacklist.txt 
@@ -0,0 +1,92 @@
+# clang sanitizer special case list
+# syntax specified in http://clang.llvm.org/docs/SanitizerSpecialCaseList.html
+# for more info see http://clang.llvm.org/docs/AddressSanitizer.html
+
+# usage:
+# 1. configure tor build:
+# ./configure \
+# CC=clang \
+# CFLAGS="-fsanitize-blacklist=contrib/clang/sanitize_blacklist.txt -fsanitize=undefined -fsanitize=address -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline" \
+# LDFLAGS="-fsanitize=address" \
+# --disable-gcc-hardening
+# and any other flags required to build tor on your OS.
+#
+# 2. build tor:
+# make
+#
+# 3. test tor:
+# ASAN_OPTIONS=allow_user_segv_handler=1 make test
+# ASAN_OPTIONS=allow_user_segv_handler=1 make check
+# make test-network # requires chutney
+#
+# 4. the tor binary is now instrumented with clang sanitizers,
+# and can be run just like a standard tor binary
+
+# Compatibility:
+# This blacklist has been tested with clang 3.7's UndefinedBehaviorSanitizer
+# and AddressSanitizer on OS X 10.10 Yosemite, with all tests passing
+# on both x86_64 and i386 (using CC="clang -arch i386")
+# It has not been tested with ThreadSanitizer or MemorySanitizer
+# Success report and patches for other sanitizers or OSs are welcome
+
+# ccache and make don't account for the sanitizer blacklist as a dependency
+# you might need to set CCACHE_DISABLE=1 and/or use make clean to workaround
+
+# Configuration Flags:
+# -fno-sanitize-recover=all
+# causes clang to crash on undefined behavior, rather than printing
+# a warning and continuing (the AddressSanitizer always crashes)
+# -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline
+# make clang backtraces easier to read
+# --disable-gcc-hardening
+# disables warnings about the redefinition of _FORTIFY_SOURCE
+# (it conflicts with the sanitizers)
+
+# Turning the sanitizers off for particular functions:
+# (Unfortunately, exempting functions doesn't work for the blacklisted
+# functions below, and we can't turn the code off because it's essential)
+#
+# #if defined(__has_feature)
+# #if __has_feature(address_sanitizer)
+# /* tell clang AddressSanitizer not to instrument this function */
+# #define NOASAN __attribute__((no_sanitize_address))
+# #define _CLANG_ASAN_
+# #else
+# #define NOASAN
+# #endif
+# #else
+# #define NOASAN
+# #endif
+#
+# /* Telling AddressSanitizer to not instrument a function */
+# void func(void) NOASAN;
+#
+# /* Including or excluding sections of code */
+# #ifdef _CLANG_ASAN_
+# /* code that only runs under address sanitizer */
+# #else
+# /* code that doesn't run under address sanitizer */
+# #endif
+
+# Blacklist Entries:
+
+# test-memwipe.c checks if a freed buffer was properly wiped
+fun:vmemeq
+fun:check_a_buffer
+
+# we need to allow the tor bt handler to catch SIGSEGV
+# otherwise address sanitizer munges the expected output and the test fails
+# we can do this by setting an environmental variable
+# See https://code.google.com/p/address-sanitizer/wiki/Flags
+# ASAN_OPTIONS=allow_user_segv_handler=1
+
+# test_bt_cl.c stores to a NULL pointer to trigger a crash
+fun:crash
+
+# curve25519-donna.c left-shifts 1 bits into and past the sign bit of signed
+# integers. Until #13538 is resolved, we exempt functions that do left shifts.
+# Note that x86_64 uses curve25519-donna-c64.c instead of curve25519-donna.c
+fun:freduce_coefficients
+fun:freduce_degree
+fun:s32_eq
+fun:fcontract
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index 2fe51c75d9..9c1a255b2e 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
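Review bot: The `fun:` entries under "Blacklist Entries" match on function name alone, so short names such as `fun:crash`, `fun:check_a_buffer` and `fun:s32_eq` would also exempt any same-named function added elsewhere in the tree. The usage block passes this one file to a build with both `-fsanitize=undefined` and `-fsanitize=address`, so as far as I can tell the curve25519-donna functions lose AddressSanitizer coverage too, not only the shift check that #13538 is about. I would say so above that group, e.g. `# NOTE: these entries exempt the functions from every enabled sanitizer, not just the shift check; drop them once #13538 is fixed`. Separately, the sample macro `_CLANG_ASAN_` in the commented C snippet uses a reserved identifier (underscore followed by an uppercase letter); something like `CLANG_ASAN_ENABLED` would be safer to copy.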
@@ -1,24 +1,35 @@
+# tor.service -- this systemd configuration file for Tor sets up a
+# relatively conservative, hardened Tor service. You may need to
+# edit it if you are making changes to your Tor configuration that it
+# does not allow. Package maintainers: this should be a starting point
+# for your tor.service; it is not the last point.
+
 [Unit]
-Description = Anonymizing overlay network for TCP
-After = syslog.target network.target nss-lookup.target
+Description=Anonymizing overlay network for TCP
+After=syslog.target network.target nss-lookup.target
 
 [Service]
-Type = simple
-ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
-# A torrc that has "RunAsDaemon 1" won't work with the "simple" service type;
-# let's explicitly override it.
-ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc --RunAsDaemon 0
-ExecReload = /bin/kill -HUP ${MAINPID}
-KillSignal = SIGINT
-TimeoutSec = 30
-Restart = on-failure
-LimitNOFILE = 32768
+Type=notify
+NotifyAccess=all
+ExecStartPre=@BINDIR@/tor -f @CONFDIR@/torrc --verify-config
+ExecStart=@BINDIR@/tor -f @CONFDIR@/torrc
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillSignal=SIGINT
+TimeoutSec=30
+Restart=on-failure
+WatchdogSec=1m
+LimitNOFILE=32768
 
 # Hardening
-PrivateTmp = yes
-DeviceAllow = /dev/null rw
-DeviceAllow = /dev/urandom r
-InaccessibleDirectories = /home
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-@LOCALSTATEDIR@/lib/tor
+ReadWriteDirectories=-@LOCALSTATEDIR@/log/tor
+NoNewPrivileges=yes
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
 
 [Install]
-WantedBy = multi-user.target
+WantedBy=multi-user.target
diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in
index 9d9eef6321..2ab2b14efd 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
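Review bot: `NotifyAccess=all` accepts readiness and watchdog notifications from every process in the service's control group, and nothing in the unit says why the narrower `main` is not enough. The same hunk drops the `--RunAsDaemon 0` override and its comment, so presumably `all` is there to tolerate a torrc with `RunAsDaemon 1`, where the notifying process would be a forked child. If so, say it above the setting, e.g. `# NotifyAccess=all: with "RunAsDaemon 1" in torrc the notifying process is not the main PID`. Otherwise keeping `--RunAsDaemon 0` on `ExecStart` and using `NotifyAccess=main` is the tighter choice, and it keeps `WatchdogSec=1m` a liveness check on the Tor process itself rather than on anything in the cgroup.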
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.2.5.16-dev"
+!define VERSION "0.2.8.17-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/"
 !define LICENSE "LICENSE"
|