Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #6521

Closed
Open
Opened Aug 02, 2012 by cypherpunks@cypherpunks

air gap the build machine

Here is the attack... An attacker finds out your build machines IP, buys a zero day exploit, gets access to the build machine, adds malicious code to the binary before it gets hashed and signed. To keep a low profile and to profit for a long time from the backdoor the exploit will only be used against selected high profile targets.

Since you don't have deterministic builds for everything (Tor, TBB) no one will find the backdoor. Don't expect people to thoroughly inspect each and every disassembly.

A good defense for network attacks against the build machine is using air gap.

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#6521