
11 Apr
2014
3:53 a.m.
I updated the patch to

1) have AS close /proc
2) enable core dump files

One should add

    /proc /chroot_tor/proc none noauto,bind 0 0

to /etc/fstab (note the 'noauto'). Then the 'tor' startup script does a

    mount /chroot_tor/proc
    ...start tor
    sleep 10
    umount /chroot_tor/proc

And it works like a charm. 'tor' starts up with full AddressSanitizer monitoring but with no pesky /proc file system available to potential attackers.

Attached are the patch and the /etc/rc.d/init.d/tor startup script.
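
A check for the two conditions this procedure depends on, as an added example that is not part of the original post or of the attached startup script: the fstab entry carries both 'bind' and 'noauto', and nothing is left mounted on /chroot_tor/proc once startup has finished. The function names are hypothetical; the path is the one given in the post.

```sh
#!/bin/sh
# Added example (not from the post): verify the chroot /proc setup.
# CHROOT_PROC is the path used in the post; function names are hypothetical.
CHROOT_PROC=/chroot_tor/proc

# fstab_entry_ok FILE
# Succeeds only if every entry for $CHROOT_PROC in FILE has both 'bind'
# and 'noauto', so /proc is never bound into the chroot at boot.
fstab_entry_ok() {
    awk -v mp="$CHROOT_PROC" '
        /^[ \t]*#/ { next }                  # skip comment lines
        $2 == mp {
            n = split($4, opt, ",")
            bind = 0; noauto = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] == "bind")   bind = 1
                if (opt[i] == "noauto") noauto = 1
            }
            if (bind && noauto) ok = 1; else bad = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    ' "$1"
}

# proc_unmounted FILE
# Succeeds if the mount table FILE (normally /proc/mounts on the host)
# shows nothing mounted on $CHROOT_PROC, i.e. the umount step took effect.
proc_unmounted() {
    ! awk -v mp="$CHROOT_PROC" '
        $2 == mp { found = 1 }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# check_all [FSTAB] [MOUNTS]
# Runs both checks against the live system files unless paths are given.
check_all() {
    fstab_entry_ok "${1:-/etc/fstab}" ||
        { echo "fstab: no noauto,bind entry for $CHROOT_PROC"; return 1; }
    proc_unmounted "${2:-/proc/mounts}" ||
        { echo "$CHROOT_PROC is still mounted"; return 1; }
    echo "ok"
}
```

Run check_all after the startup script's umount step; a "still mounted" result means the umount failed and /proc remains visible inside the chroot.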