[tor-bugs] #5220 [Tor Client]: Intelligently use capabilities/privileges and drop what we don't need for Debian Gnu/Linux

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Feb 24 00:29:03 UTC 2012


#5220: Intelligently use capabilities/privileges and drop what we don't need for
Debian Gnu/Linux
-------------------------+--------------------------------------------------
 Reporter:  ioerror      |          Owner:                  
     Type:  enhancement  |         Status:  new             
 Priority:  major        |      Milestone:  Tor: unspecified
Component:  Tor Client   |        Version:  Tor: unspecified
 Keywords:  security     |         Parent:  #5219           
   Points:               |   Actualpoints:                  
-------------------------+--------------------------------------------------

Comment(by ioerror):

 For GNU/Linux I think we should do something like:
 0) define the caps we need or expect - see 'man capabilities'
 1) ship an AppArmor profile that matches 0)
 2) in tor, define the caps we need and drop to debian-tor, keeping what we
 need
 2a) e.g.: load torrc, drop caps, parse torrc
 3) in each subprocess (e.g. tor-fw-helper) we drop the caps the subprocess
 doesn't need in whatever we have exec'd

 In the long term view, Nick and I suggest discussing with Christian
 Grothoff et al that we should switch to a multi-user/multi-process
 qmail/gnunet like system for different tasks we wish to perform.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5220#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
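
Steps 2 and 3 of the comment above, sketched with raw Linux capget/capset calls as an added example; it is not code from the ticket or from Tor. KEEP_MASK (only CAP_NET_BIND_SERVICE) and the helper names are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumed for illustration: the daemon only needs to bind ports below 1024. */
#define KEEP_MASK (1ULL << CAP_NET_BIND_SERVICE)

static int caps_get(struct __user_cap_data_struct d[2]) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capget, &h, d);
}

/* Shrink permitted and effective to (current & keep); clear inheritable. */
int drop_caps_except(uint64_t keep) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (caps_get(d) != 0) return -1;
    for (int i = 0; i < 2; i++) {
        uint32_t k = (uint32_t)(keep >> (32 * i));
        d[i].permitted &= k;
        d[i].effective = d[i].permitted; /* re-raise what survived setuid */
        d[i].inheritable = 0;            /* nothing passes to exec'd helpers */
    }
    return (int)syscall(SYS_capset, &h, d);
}

/* 1 if cap is in the effective set, 0 if not, -1 on error. */
int has_effective_cap(int cap) {
    struct __user_cap_data_struct d[2];
    if (caps_get(d) != 0) return -1;
    return (int)((d[cap / 32].effective >> (cap % 32)) & 1);
}

/* Root-only path: keep permitted caps across the uid switch, then trim them. */
int drop_to_user(uid_t uid, gid_t gid, uint64_t keep) {
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return drop_caps_except(keep);
}

int main(void) { /* no uid switch here: the service account is deployment-specific */
    if (drop_caps_except(KEEP_MASK) != 0) { perror("capset"); return 1; }
    printf("CAP_SYS_ADMIN effective: %d\n", has_effective_cap(CAP_SYS_ADMIN));
    return 0;
}
```

Because the inheritable set is cleared, a helper started with exec begins with no capabilities unless its binary carries file capabilities, and it can run drop_caps_except with its own, smaller mask.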
