Right now, the code is ready for review and still in release candidate until people are comfortable for a stable version to ideally be packaged and distributed.
So apparently this ticket is blocking moving the new torsocks code onto gitweb.torproject.org. I think it should not block this step (or at least, not any longer). I have opened #11326 (moved) as the other ticket.
It's been 4 months since the Tor winter dev. meeting and also almost 2 months since the latest rc7 release (04/04/2014). Still not finding anyone to audit this so should we put a timeout on this or just "wait and see"...?
This 2.0 version is maybe not fully mature code but to be honest 1.3 is scary and right "unsecure" as I explained in the first post on the mailing list before doing this work so at some point (near future please) we should REALLY adopt the new version.
I'd say that we should not persist with 1.3. Reviewing 2.0 should be a priority. IMO it's fine to set a reasonable deadline for these reviews to get people to prioritize doing them.
I am to understand that the review is to cover the entirety of updates over more than a year from 1.3 to current master. I am going to dust off some old scripts and tools for this, as much of the change is refactoring rather than new code or whole re-writes.
Overall, improvements in 2.0 are compelling! I cast my lot into forward motion rather than maintaining 1.3. :)
I would like to bump this thread since it's been ~4 months here that we are "waiting" for a reviewer. I found a serious person for that but this person told me that he is running late on reviewing it soonish...
Without a stable version I can't get new features in that would help improve it quite a bit... Is it possible maybe we call it stable for now but just not ship it yet in the deb.tpo?
Again, TBH, I think torsocks 1.3 is more dangerous so even if 2.0 is not perfect, I think it's a step forward...
I'll tag and release 2.0.0-stable the upstream code.
This new version is not a drop-in replacement: the configuration file has been changed and some more strict security features have been added, such as NOT allowing inbound connections by default and syscall() filtering also.
This will most likely need a package warning "à la Debian" that tells the user what's changed from the previous version and that the configuration file is not usable anymore.
Once done, the MOST IMPORTANT THING would be to close down the google.com page that, for reasons unknown to me, has not been done yet!
Once we ship that version through deb.tpo.org, I'll make sure to update the Wiki as much as I can. I expect some needed support for users complaining that 2.0 does not really work anymore with their stuff; I'm prepared to help on that as much as I can.
I need to add some new features also that have been boiling in my head to improve torsocks but at least once we can ship it, I can start doing releases.
A couple months ago, dkg offered to help with the review but he couldn't give me a timeframe. I suspect he might still want to work on it. Probably pinging him again could be a good idea. Also, I'm guessing that if someone wants to contribute to Tor and goes through the tickets, this one could still be relevant to accomplish.
Initial review showed nothing of concern, defect- or vulnerability-wise. I had some greps and seds that reduced a lot of porting/refactoring chaff I felt like not looking at (in the diff).
My suggestions were all of the widest portability and conservative code practice suggestion variety. I will dig them up off recovery volumes, if only to serve as footnote.
As for "will this review happen", not by anon. If someone else is willing to do an audit, that would be great.
As for closing out ticket, I stand by my prior comments that 2.0 is leagues better.
That initial review (read: incomplete, but not totally useless) is positive and my feedback oriented around improvement rather than defect correction.