opensource.dyc.edu

The tor team recently moved their stable branch from tor 0.2.0.x to 0.2.1.x which introduced many feature improvements and bug fixes --- see their changelog. The new codebase, however, revealed a bug in the stack smashing protector (SSP) of gentoo's stock hardened compiler gcc-3.4.6 --- see tor bug #1060. Luckily, the work we've been doing with Zorry on the hardened-development gentoo overlay has matured enough that it is ready to be used for development on uClibc systems. In fact, we built an entire hardened uclibc system based around binutils-2.18, uclibc-0.9.30.1 and gcc-4.4.1 patched with Zorry's espf-0.3.3. Using this as our development environment, we were able to build our current tor-ramdisk image with SSP and the rest of gentoo's hardening features.

The only item on the todo list is a suggestion that we include sftp rather than ftp for transfering the config file and RSA key. This will take some reworking of the build scripts and the setup scripts in order to accomodate dropbear rather than busybox's built in ftp client.