commit 577f98c3804df4cf65e95d5c577e91cd685fabff
Author: Damian Johnson atagar@torproject.org
Date: Wed Feb 11 08:14:01 2015 -0800
Drop the 'Help improve Tor sandboxing' project idea
Nick and David both say this is done.
---
 getinvolved/en/volunteer.wml | 68 +-----------------------------------------
 1 file changed, 1 insertion(+), 67 deletions(-)
diff --git a/getinvolved/en/volunteer.wml b/getinvolved/en/volunteer.wml index ab1b164..514bf2d 100644 --- a/getinvolved/en/volunteer.wml +++ b/getinvolved/en/volunteer.wml @@ -405,8 +405,7 @@ meetings around the world.</li> <i><a href="#improveTorTestCoverage">Improve test coverage in Tor</a></i><br /> <i><a href="#useMoreCores">Have the Tor daemon use more cores</a></i><br /> <i><a href="#improveHiddenServices">Help improve Tor hidden services</a></i><br /> - <i><a href="#improvedDnsSupport">Improved DNS support for Tor</a></i><br /> - <i><a href="#torSandboxing">Help improve Tor sandboxing</a></i> + <i><a href="#improvedDnsSupport">Improved DNS support for Tor</a></i> </p>
<a id="project-torbrowser"></a> @@ -1433,71 +1432,6 @@ the codebase that you want to work on. </p> </li>
- <a id="torSandboxing"></a> - <li> - <b>Help improve Tor sandboxing</b> - <br> - Effort Level: <i>Medium</i> - <br> - Skill Level: <i>Medium</i> - <br> - Likely Mentors: <i>David (dgoulet)</i> - <p> -The seccomp2 mechanism on Linux lets programs improve their robustness -against unforseen bugs by running with restrictions on which system -calls they can invoke and how they can call them. This can help -security a lot. - </p> - - <p> -Thanks to a GSOC student from last year, we now have seccomp2 support on -Linux, which we use to restrict the capabilities of the entire Tor -process. (For implementation details, see src/commmon/sandbox.c in the -Tor source.) - </p> - - <p> -But since the restrictions are done over the whole process, all pieces -of the Tor code have permission to do things that only small parts of -the Tor program need to do. Also, since we use seccomp2, these -restrictions only work on Linux. - </p> - - <p> -It would be great to instead divide the main Tor program into multiple -processes with a robust IPC mechanism and assign each process its own -minimal set of privileges; and to have this work (as best we can) on -systems that don't have seccomp2 (eg Windows, Mac). - </p> - - <p> -Either of these could be a whole GSOC project. - </p> - - <p> -To get started, make sure you understand the existing sandboxing code. -If you're interested in splitting Tor into multiple processes, think -about the architecture, and think about how we could reach this -architecture without completely rewriting the codebase. (Remember that -even if you're focusing on Linux, Tor still needs to work on other -operating systems.) - </p> - - <p> -If you're interested in supporting more platforms, make sure you -understand and can explain what sandboxing mechansisms you want to use, -and what they're capable of. (You might want to investigate the way -that other open-source programs, like the Chrome web browser, do their -sandboxing on different platforms.) 
- </p> - - <p> -As part of the application process for this project, please contribute a -nontrivial patch to Tor -- ideally, one that will affect some part of -the codebase that you want to work on. - </p> - </li> - <a id="panopticlick"></a> <li> <b>Panopticlick</b>
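Review bot: in the first hunk (@@ -405,8 +405,7 @@) the index link to #torSandboxing goes away together with its target, but the diffstat shows only this one file changed, so any other page that links to volunteer.html#torSandboxing will now point at a missing anchor. Suggest searching the rest of the site tree for "torSandboxing" and cleaning up any remaining references in the same commit.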
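Review bot: in the second hunk (@@ -1433,71 +1432,6 @@) the removed text describes two separate pieces of work, splitting Tor into multiple processes with per-process privileges and sandboxing on systems that don't have seccomp2, and says "Either of these could be a whole GSOC project", while the commit message only says "this is done". Suggest the message state which of the two is considered finished, or that the idea is simply being retired, and reference the ticket or commit that covers it so the removal can be checked later.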
tor-commits@lists.torproject.org