Warning!! Never, EVER click on any marketplace URL shared on /r/onions.

It has not undergone a proper security audit, professional or otherwise, that I know of. It creates a hidden service on your computer leaving you vulnerable to deanonymization attacks that apply to all hidden services. It also seems to be a very basic protocol that looks like netcat over Tor.

There is no way to decline a file transfer. It automatically starts the transfer, writing the file to /tmp which is a RAM-mounted tmpfs on Linux. Then you are supposed to save the file somewhere. Theoretically an attacker could transfer /dev/urandom while you are away from your computer until it fills up your RAM and crashes your computer. This would be great for inducing intersection attacks. If the kernel is managing the system correctly, it may just stop the transfer when you run out of RAM.

Another thing is that once someone learns your Torchat ID there is no way to prevent them from knowing you are online, even if you remove them from your buddy list. The reason is because your Torchat instance is a hidden service that publishes a normal hidden service descriptor which anyone can download. If you want to cut off contact with someone, you have to get a new Torchat ID. So you should be very conservative about handing out your Torchat ID and only give it to extremely trusted associates.

> It automatically starts the transfer, writing the file to /tmp which is a RAM-mounted tmpfs on Linux.

For example, on Debian default installs it isn't. And it's usually not a good idea to do so. Regardless, filling up a tmpfs is actually fairly harmless. By default, the Linux kernel limits tmpfs to 50% of available virtual memory, and usually if you have a tmpfs mounted on /tmp you would set it even lower. So it can't actually cause a memory DOS attack, or at least not a terribly severe one (especially if you have a swap partition that is twice the amount of RAM, as is usually recommended and as is the default for Debian swap. In that case, it does not cost you any actual RAM, since the tmpfs is sure to end up in the swap area). The more serious problem is that /tmp is filled up, so you can't create files there. Nevertheless, Torchat could benefit from some limits on the amount of space it will take for downloads.