Tiny Core Linux

Tiny Core Extensions => TCE Bugs => Topic started by: netnomad on November 09, 2012, 12:21:05 PM

Title: tor - Security issue discovered in TOR client - Update request
Post by: netnomad on November 09, 2012, 12:21:05 PM

hi gutmensch, hi batnas,

a security issue is discovered in TOR client.
please consider an update:

http://www.h-online.com/open/news/item/Security-issue-discovered-in-TOR-client-Update-1746884.html

btw there is a further bug:
Nov 10 10:29:09.690 [notice] Tor v0.2.2.36 (git-c1414cf70cbfcbb7). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
Nov 10 10:29:09.693 [notice] Initialized libevent version 2.0.10-stable using method epoll. Good.
Nov 10 10:29:09.693 [notice] Opening Socks listener on 127.0.0.1:9050
Nov 10 10:29:09.693 [warn] Couldn't open file for 'Log notice file /var/log/tor/tor.log': No such file or directory
Nov 10 10:29:09.694 [notice] Closing partially-constructed listener Socks listener on 127.0.0.1:9050
Nov 10 10:29:09.694 [warn] Failed to parse/validate config: Failed to init Log options. See logs for details.
Nov 10 10:29:09.694 [err] Reading config failed--see warnings above.

i have to create the dir /var/log/tor and then
chown tor.log tc:staff
to solve this problem...

thank you for your help.

Title: Re: tor - Security issue discovered in TOR client - Update request
Post by: netnomad on November 12, 2012, 02:29:35 PM

hi friends,

are there no tor users with interest in security out there?

i guess packages like ssl, ssh and tor should be in a unsecure state as short-time as possible.

thank you for all your contributions.

Title: Re: tor - Security issue discovered in TOR client - Update request
Post by: solorin on November 12, 2012, 09:25:00 PM

http://www.viva64.com/en/b/0178/

IANAE, but from the original posting, it seemed like it was an issue with Microsoft compilers.

If you are really concerned, why don't you submit an update?

cheerio,
solorin

Title: Re: tor - Security issue discovered in TOR client - Update request
Post by: gutmensch on November 17, 2012, 05:32:13 AM

heyho, first of all I always recommend reading the info file. The maintainer often intends to say something there. ;-)

Quote

Comments:       Edit /usr/local/etc/tor/torrc to your needs and add to backup.

                Usage:
                        Activate tor through Cpanel => Services.
                Or:
                        /usr/local/etc/init.d/tor start
                        /usr/local/etc/init.d/tor stop

If you want to run it by other means then you will have to setup this yourself, absolutely correct. The log file properties are properly set through the init script, try to use this one instead of calling the tor daemon yourself.
@Update: I'll submit an update, no problem :-)


[edit]
Update online!
[/edit]

Title: Re: tor - Security issue discovered in TOR client - Update request
Post by: solorin on November 19, 2012, 08:44:54 AM

thanks, good man.

Title: Re: tor - Security issue discovered in TOR client - Update request
Post by: solorin on November 19, 2012, 08:52:28 AM

and please forgive me netnomad if my reply sounded a little harsh.
thanks for your concern for everyone's security and privacy.