WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: tor - Security issue discovered in TOR client - Update request  (Read 3049 times)

Offline netnomad

  • Hero Member
  • *****
  • Posts: 1026
tor - Security issue discovered in TOR client - Update request
« on: November 09, 2012, 12:21:05 PM »
hi gutmensch, hi batnas,

a security issue is discovered in TOR client.
please consider an update:

http://www.h-online.com/open/news/item/Security-issue-discovered-in-TOR-client-Update-1746884.html

btw there is a further bug:
Nov 10 10:29:09.690 [notice] Tor v0.2.2.36 (git-c1414cf70cbfcbb7). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
Nov 10 10:29:09.693 [notice] Initialized libevent version 2.0.10-stable using method epoll. Good.
Nov 10 10:29:09.693 [notice] Opening Socks listener on 127.0.0.1:9050
Nov 10 10:29:09.693 [warn] Couldn't open file for 'Log notice file /var/log/tor/tor.log': No such file or directory
Nov 10 10:29:09.694 [notice] Closing partially-constructed listener Socks listener on 127.0.0.1:9050
Nov 10 10:29:09.694 [warn] Failed to parse/validate config: Failed to init Log options. See logs for details.
Nov 10 10:29:09.694 [err] Reading config failed--see warnings above.

i have to create the dir /var/log/tor and then
chown tor.log tc:staff
to solve this problem...

thank you for your help.
« Last Edit: November 10, 2012, 04:30:57 AM by netnomad »

Offline netnomad

  • Hero Member
  • *****
  • Posts: 1026
Re: tor - Security issue discovered in TOR client - Update request
« Reply #1 on: November 12, 2012, 02:29:35 PM »
hi friends,

are there no tor users with interest in security out there?

i guess packages like ssl, ssh and tor should be in a unsecure state as short-time as possible.

thank you for all your contributions.
« Last Edit: November 12, 2012, 02:32:22 PM by netnomad »

Offline solorin

  • Full Member
  • ***
  • Posts: 184
Re: tor - Security issue discovered in TOR client - Update request
« Reply #2 on: November 12, 2012, 09:25:00 PM »
http://www.viva64.com/en/b/0178/

IANAE, but from the original posting, it seemed like it was an issue with Microsoft compilers.

If you are really concerned, why don't you submit an update?

cheerio,
solorin
. . . if you don't know, now you know. . .
        ----- R.I.P. Biggie Smalls -----

Offline gutmensch

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 605
  • I can make it disappear, have no fear!
    • remembrance blog
Re: tor - Security issue discovered in TOR client - Update request
« Reply #3 on: November 17, 2012, 05:32:13 AM »
heyho, first of all I always recommend reading the info file. The maintainer often intends to say something there. ;-)
Quote
Comments:       Edit /usr/local/etc/tor/torrc to your needs and add to backup.

                Usage:
                        Activate tor through Cpanel => Services.
                Or:
                        /usr/local/etc/init.d/tor start
                        /usr/local/etc/init.d/tor stop
If you want to run it by other means then you will have to setup this yourself, absolutely correct. The log file properties are properly set through the init script, try to use this one instead of calling the tor daemon yourself.
@Update: I'll submit an update, no problem :-)


[edit]
Update online!
[/edit]
« Last Edit: November 17, 2012, 06:05:39 AM by gutmensch »
If I seem unduly clear to you, you must have misunderstood what I said. (Alan Greenspan)

Offline solorin

  • Full Member
  • ***
  • Posts: 184
Re: tor - Security issue discovered in TOR client - Update request
« Reply #4 on: November 19, 2012, 08:44:54 AM »
thanks, good man.
. . . if you don't know, now you know. . .
        ----- R.I.P. Biggie Smalls -----

Offline solorin

  • Full Member
  • ***
  • Posts: 184
Re: tor - Security issue discovered in TOR client - Update request
« Reply #5 on: November 19, 2012, 08:52:28 AM »
and please forgive me netnomad if my reply sounded a little harsh.
thanks for your concern for everyone's security and privacy.
. . . if you don't know, now you know. . .
        ----- R.I.P. Biggie Smalls -----