Tor Project Transitions from C to Rust for Enhanced Security with Arti Rewrite
By giuliomagnifico
Summary
The Tor Project is transitioning from C to Rust for its core software, citing security vulnerabilities in the C codebase such as buffer overflows and memory corruption issues. The project has introduced Arti, a Rust rewrite of Tor that leverages Rust's memory safety features to address these security flaws. The latest Arti 1.8.0 release includes improvements like circuit isolation and onion service enhancements.
Key quotes
The Tor Project has been busy with the rustification of their offering for quite some time now.
All of it is built on C. But that C codebase is an issue. It is known to have buffer overflows, use-after-free bugs, and memory corruption vulnerabilities.
That is why they introduced Arti, a Rust rewrite of Tor that tackles these flaws by leveraging the memory safety of the programming language.
Arti, the Rust rewrite of Tor, brings circuit isolation and onion service improvements in its 1.8.0 release.
