v0.7.0

@mangetoncompost mangetoncompost released this 30 Jun 23:11

Second security audit. All findings confirmed with reference sources before implementation.

Critical

  • pf kill switch rule order fixed: the block all rule was placed before the pass rules, and because it carried quick, evaluation stopped there and the pass rules were never reached (man pf.conf). Tor could not connect to relays; the kill switch was silently broken.
  • pf anchor file now written via ts_helper (new write-pf-anchor verb with O_NOFOLLOW): /etc/pf.anchors/ is root:wheel 755, direct write was silently failing, no rules were ever loaded.

High

  • Removed pass in quick tcp: accepted externally-initiated connections through the kill switch. Stateful tracking handles return packets automatically.
  • Tor relay ports 443, 9001, 80 added to pf pass rules: only 9050 (local SOCKS) was allowed, Tor could not bootstrap.
  • /bin/kill absolute path in ts_helper: execv("kill") fails with ENOENT (execv does not search PATH). dnsmasq was never killed by PID.
  • hex_decode() panic fixed: odd-length input from a malformed Tor response crashed TorShield, triggering the watchdog to flush pf and expose the real IP.
  • IPv6 disabled before MAC spoof: ifconfig down/up triggers NDP Router Solicitations that may expose the fe80:: link-local (RFC 4861 s.6.3.7).
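The hex_decode() finding above is the classic failure mode of a panicking parser in a process whose death has a security consequence. The following is an added example, not TorShield's code: a decoder that reports odd length and non-hex digits as an error, and a hypothetical caller (handle_response) that drops the malformed response and keeps running instead of crashing.

```rust
/// Errors a malformed hex string can produce. Returning these instead of
/// panicking keeps the process alive, so a watchdog tied to the process
/// lifetime never fires on bad input.
#[derive(Debug, PartialEq)]
pub enum HexError {
    OddLength(usize),
    InvalidDigit { index: usize, byte: u8 },
}

fn nibble(b: u8) -> Option<u8> {
    match b {
        b'0'..=b'9' => Some(b - b'0'),
        b'a'..=b'f' => Some(b - b'a' + 10),
        b'A'..=b'F' => Some(b - b'A' + 10),
        _ => None,
    }
}

/// Decode a hex string. Odd length is checked before any indexing, so a
/// truncated response cannot cause an out-of-bounds access.
pub fn hex_decode(input: &str) -> Result<Vec<u8>, HexError> {
    let bytes = input.as_bytes();
    if bytes.len() % 2 != 0 {
        return Err(HexError::OddLength(bytes.len()));
    }
    let mut out = Vec::with_capacity(bytes.len() / 2);
    for (i, pair) in bytes.chunks_exact(2).enumerate() {
        let hi = nibble(pair[0]).ok_or(HexError::InvalidDigit { index: 2 * i, byte: pair[0] })?;
        let lo = nibble(pair[1]).ok_or(HexError::InvalidDigit { index: 2 * i + 1, byte: pair[1] })?;
        out.push((hi << 4) | lo);
    }
    Ok(out)
}

/// Hypothetical caller: a decode failure is logged and this response is
/// skipped; nothing unwinds, so the kill switch rules stay loaded.
pub fn handle_response(resp: &str) -> Option<Vec<u8>> {
    match hex_decode(resp.trim()) {
        Ok(v) => Some(v),
        Err(e) => {
            eprintln!("malformed response ignored: {:?}", e);
            None
        }
    }
}
```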

Medium

  • No outbound request at startup: reqwest::no_proxy() was sending the real IP to api.ipify.org before Tor was active. Replaced by local_real_ip() via ipconfig getifaddr (no network request).
  • ts_helper.c bundle integrity check: on-disk source compared against the copy embedded in the binary at compile time. Tampered source is discarded to prevent LPE via recompilation.
  • torrc permissions set to 600: was 644, allowing local modification of ExcludeExitNodes or injection of HiddenServiceDir.
  • Captive portal blocked: captiveagent bypasses the SOCKS5 proxy (Apple system daemon). captive.apple.com blocked in /etc/hosts when the kill switch is active.
  • mDNS hostname anonymized: LocalHostName/ComputerName/HostName set to neutral values at enable, restored at disable. Prevents hostname/model identification on local networks (Fingerprint.com: 65% first-name identification rate).
  • helper_ok() uses symlink_metadata() (lstat): metadata() follows symlinks, a symlink at ts_helper pointing to a legitimate SUID binary would have passed the check.

Firefox

  • DNS prefetch disabled: network.dns.disablePrefetchFromHTTPS defaults to false since Firefox 127 (arkenfox #1860) - prefetch lookups bypass the SOCKS5 proxy. Added network.prefetch-next, browser.send_pings, media.navigator.enabled.