commit db09c0bb793c705a13e275dc6d52eed70ca95c80 Author: Yawning Angel yawning@schwanenlied.me Date: Sat Nov 26 18:22:10 2016 +0000

Bug #20773: Don't mount /proc in the tor container even with PTs.

Looking at the Go 1.7.3 source code, all of the usages of `/proc` by obfs4proxy either shouldn't get called, or have graceful failure modes. --- .../internal/sandbox/application.go | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go index 1e38adc..0908af1 100644 --- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go +++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go @@ -458,19 +458,24 @@ func RunTor(cfg *config.Config, torrc []byte) (cmd *exec.Cmd, err error) { h.stderr = logger if !cfg.Tor.UseBridges { h.seccompFn = installTorSeccompProfile - - // The tor daemon only uses this to calculate MaxMemInQueues, - // which is a relay thing, so this can safely be disabled. - // - // Not sure about what to do wrt pluggable transports yet, - // obfs4proxy seems to function fine, and the reads it does - // look innocent enough, but more investigation is needed. - h.mountProc = false } else { h.seccompFn = installBasicSeccompBlacklist } h.unshare.net = false // Tor needs host network access.

+ // Regarding `/proc`... + // + // `/proc/meminfo` - tor dameon, used to calculate `MaxMemInQueues`, + // fails gracefully. + // `/proc/sys/kernel/hostname` - obfs4proxy, Go runtime uses this to + // determine hostname, 99% sure this is in the binary but not used + // due to the `log` package's syslog target. + // `/proc/sys/net/core/somaxconn` - obfs4proxy, Go runtime uses this to + // determine listener backlog, but will default to `128` on errors. + // + // See: https://bugs.torproject.org/20773 + h.mountProc = false + if err = os.MkdirAll(cfg.TorDataDir, DirMode); err != nil { return }