Opened 10 months ago

Last modified 10 months ago

#27669 needs_review defect

Replace recommendations to use tor-ramdisk with something better

Reported by: traumschule
Owned by:
Priority: Medium
Milestone:
Component: Webpages/Website
Version:
Severity: Normal
Keywords:
Cc: traumschule
Actual Points:
Parent ID: #13703
Points:
Reviewer:
Sponsor:

Description

arma recently mentioned that it is probably not a good idea anymore to use tor-ramdisk. I am looking into alternatives.

Currently tor-ramdisk is mentioned on the new (upcoming) community projects list (#16576) and the volunteer page:
http://expyuzz4wqqyqhjn.onion/projects/projects.html.en
https://github.com/torproject/webwml/pull/38

The wiki also links to it in several places:
AutomationInventory
doc/VM
doc/EmbeddedTips

Wikipedia has a page about it (#27668).

Adding #13703 as parent to let them know of each other.

Which are good alternatives (in use)?

Change History (6)

comment:1 Changed 10 months ago by traumschule

comment:3 Changed 10 months ago by traumschule

Thinking about a new ticket to track security issues; would you be interested?

Sep 12 2018 Trying to get STACKLEAK into the kernel

STACKLEAK is "an awesome security feature" that was originally developed by The PaX Team as part of the PaX/grsecurity patches. The last public version of the patch set was released in April 2017 for the 4.9 kernel. Popov set himself the goal of getting STACKLEAK into the kernel shortly after that; he thanked both his employer (Positive Technologies) and his family for giving him working and free time to push STACKLEAK.

grsecurity's comment via Twitter:

In fact, the current upstream-proposed STACKLEAK is weaker in a number of areas where it matters, but LWN will never report that because they need it on some public mailing list and written by an upstream developer they can copy+paste their uncritical articles from
(It's also slower for reasons that serve no security purpose at all, and their manual VLA removal has resulted in slower/buggier code in general -- what's faster, a simple check inserted by the compiler to make sure a VLA use is safe, or a whole kmalloc/kfree in a function?)


Sep 12 2018 Intel releases 17 security advisories!


Sep 12 2018 Toward better handling of hardware vulnerabilities, on why Spectre fixes for 32-bit ARM processors do not go back past 4.18

comment:5 Changed 10 months ago by cypherpunks2

There are no current alternatives. Honestly, I would just use tor-ramdisk, even if it no longer has grsecurity/PaX. It's still the lightest Linux-based Tor server out there.

comment:6 Changed 10 months ago by traumschule

Status: new → needs_review

Moving it up from the deprecated section: https://github.com/torproject/webwml/pull/53
