From: ng0
Subject: tor with --expensive-hardening is using way too much memory
Date: Wed, 19 Jul 2017 23:05:00 +0000
Message-ID: <20170719230500.vrbv2qqksjd5g4gh@abyayala>
To: guix-devel@gnu.org

I noticed this before the contribution entered master, so this message
is not really news. To quote myself from earlier today:

I think we should revert one piece of the tor hardened build.

3 hours uptime:

684.3 MiB + 753.0 KiB = 685.1 MiB   tor

Comparison: my Chromium with 55 tabs open uses 2.2GB.

  Private  +   Shared   =  RAM used   Program
…
 12.4 MiB +   1.1 MiB =  13.4 MiB   vim
 15.5 MiB + 959.0 KiB =  16.4 MiB   Xorg
 17.3 MiB +   5.6 MiB =  22.9 MiB   guix substitute
 22.8 MiB +   1.3 MiB =  24.1 MiB   shepherd
 26.7 MiB + 551.5 KiB =  27.3 MiB   emacs-25.2
131.1 MiB +   6.2 MiB = 137.3 MiB   .guix-real
732.7 MiB + 932.0 KiB = 733.6 MiB   tor
…

uptime: 6:24h

Now I wouldn't consider tor to be problematic if this were the default
for tor. But it isn't, and --enable-expensive-hardening is an
experimental function which is not enabled by default from upstream (as
are all our recently added config options for tor (not sure right now if
all are experimental, but they are not standard)).

Comparison, Debian running for a very long time (months) and using the
same config:

40.6 MiB + 486.0 KiB = 41.1 MiB   tor

I'm convinced that removing --enable-expensive-hardening will improve
the situation; I have watched a VM with tor without this config switch.
Whoever needs or wants this switch can make use of the easy way to
create custom packages in Guix.

If someone else can confirm my observations, I'll prepare a patch.

-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org
https://krosos.org