Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • pages
  • derive-traits
  • arti-v0.6.0
  • tor-dirmgr-v0.5.1
  • arti-v0.5.0
  • arti-v0.4.0
  • arti-v0.3.0
  • arti-v0.2.0
  • arti-v0.1.0
  • arti-v0.0.4
  • arti-v0.0.3
  • arti-v0.0.2
  • arti-v0.0.1
  • arti-v0.0.0
15 results
Compare
Forked from The Tor Project / Core / Arti
12606 commits behind the upstream repository.
Nick Mathewson's avatar
Second cut at a fs-mistrust crate.
Nick Mathewson authored 
This crate is meant to solve #315 by giving a way to make sure that
a file or directory is only accessible by trusted users.  I've tried
to explain carefully (in comments and documentation) what this crate
is doing and why, under the assumption that it will someday be read
by another person like me who does _not_ live and breathe unix file
permissions.  The crate is still missing some key features, noted in
the TODO section.

It differs from the first version of the crate by taking a more
principled approach to directory checking: it emulates the path
lookup process (reading symlinks and all) one path change at a time,
thus ensuring that we check every directory which could enable
an untrusted user to get to our target file, _or_ which could
enable them to get to any symlink that would get them to the target
file.

The API is also slightly different: It separates the `Mistrust`
object (where you configure what you do or do not trust) from the
`Verifier` (where you set up a check that you want to perform on a
single object).  Verifiers are set up to be a bit ephemeral,
so that it is hard to accidentally declare that _every_ object
is meant to be readable when you only mean that _some_ objects
may be readable.
c4a5a49b
History
Nick Mathewson's avatar c4a5a49b
History
Name Last commit Last update
.cargo-husky/hooks
.gitlab/issue_templates
crates
doc
maint
tests/chutney
arti-corpora @ bd32029d
.ecrc
.editorconfig
.gitignore
.gitlab-ci.yml
.gitmodules
.typos.toml
CHANGELOG.md
CODE_OF_CONDUCT
CONTRIBUTING.md
Cargo.lock
Cargo.toml
LICENSE-APACHE
LICENSE-MIT
README.md
WANT_FROM_OTHER_CRATES
clippy.toml
README.md

Crates.io

Arti: reimplementing Tor in Rust

Arti is a project to produce an embeddable, production-quality implementation of the Tor anonymity protocols in the Rust programming language.

Arti is not ready for production use; see below for more information.

Links:

Why rewrite Tor in Rust?

Rust is more secure than C. Despite our efforts, it's all too simple to mess up when using a language that does not enforce memory safety. We estimate that at least half of our tracked security vulnerabilities would have been impossible in Rust, and many of the others would have been very unlikely.

Rust enables faster development than C. Because of Rust's expressiveness and strong guarantees, we've found that we can be far more efficient and confident writing code in Rust. We hope that in the long run this will improve the pace of our software development.

Arti is more flexible than our C tor implementation. Unlike our C tor, which was designed as SOCKS proxy originally, and whose integration features were later "bolted on", Arti is designed from the ground up to work as a modular, embeddable library that other applications can use.

Arti is cleaner than our C tor implementation. Although we've tried to develop C tor well, we've learned a lot since we started it back in 2002. There are lots of places in the current C codebase where complicated "spaghetti" relationships between different pieces of code make our software needlessly hard to understand and improve.

Current status

Arti is a work-in-progress. It can connect to the Tor network, bootstrap a view of the Tor directory, and make anonymized connections over the network.

We're not aware of any critical security features missing in Arti; but however, since Arti is comparatively new software, you should probably be cautious about using it in production.

Now that Arti has reached version 0.1.0, we believe it is suitable for experimental embedding within other Rust applications. We will try to keep the API as exposed by the top-level arti_client crate more or less stable over time. (We may have to break existing programs from time to time, but we will try not to do so without a very good reason. Either way, we will try to follow Rust's semantic versioning best practices.)

Trying it out today

Arti can act as a SOCKS proxy that uses the Tor network.

To try it out, run the demo program in arti as follows. It will open a SOCKS proxy on port 9150.

% cargo run --release -- proxy

Again, do not use this program yet if you seriously need anonymity, privacy, security, or stability.

If you run into any trouble building the program, please have a look at the troubleshooting guide.

Minimum supported Rust Version

Our current Minimum Supported Rust Version (MSRV) is 1.53.

When increasing this MSRV, we won't require any Rust version released in the last six months. (That is, we'll only require Rust versions released at least six months ago.)

We will not increase MSRV on PATCH releases, though our dependencies might.

We won't increase MSRV just because we can: we'll only do so when we have a reason. (We don't guarantee that you'll agree with our reasoning; only that it will exist.)

Helping out

Have a look at our contributor guidelines.

Roadmap

Thanks to a generous grant from Zcash Open Major Grants (ZOMG), we're able to devote some significant time to Arti in the years 2021-2022. Here is our rough set of plans for what we hope to deliver when.

The goal times below are complete imagination, based on broad assumptions about developer availability. Please don't take them too seriously until we can get our project manager to sign off on them.

  • Arti 0.0.1: Minimal Secure Client (Goal: end of October 2021??)

    • Target audience: developers
    • Guard support
    • Stream Isolation
    • High test coverage
    • Draft APIs for basic usage
    • Code cleanups
    • and more...

  • Arti 0.1.0: Okay for experimental embedding (Goal: Mid March, 2022??)

    • Target audience: beta testers
    • Performance: preemptive circuit construction
    • Performance: circuit build timeout inference
    • API support for embedding
    • API support for status reporting
    • Correct timeout behavior
    • and more...

  • Arti 1.0.0: Initial stable release (Goal: Mid September, 2022??)

    • Target audience: initial users
    • Stable API
    • Stable CLI
    • Stable configuration format
    • Automatic detection and response of more kinds of network problems
    • At least as secure as C Tor
    • Client performance similar to C Tor
    • More performance work
    • and more...

  • Arti 1.1.0: Anti-censorship features (Goal: End of October, 2022?)

    • Target audience: censored users
    • Bridges
    • Pluggable transports
    • and more...?

  • Arti 1.2.0: Onion service support (not funded, timeframe TBD)

  • Arti 2.0.0: Feature parity with C tor as a client (not funded, timeframe TBD)

  • Arti ?.?.?: Relay support

How can I report bugs?

When you find bugs, please report them on our bugtracker. If you don't already have an account there, you can either request an account or report a bug anonymously.

How can I help out?

See CONTRIBUTING.md for a few ideas for how to get started.

License

This code is licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

(The above notice, or something like it, seems to be pretty standard in Rust projects, so I'm using it here too. This instance of it is copied from the RustCrypto project's README.md file.)