[tor-bugs] #7005 [Tor Relay]: seccomp2
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Oct 1 03:09:14 UTC 2012
#7005: seccomp2
-------------------------+--------------------------------------------------
 Reporter:  ioerror      |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor Relay    |        Version:  Tor: unspecified
 Keywords:  security     |         Parent:
   Points:               |   Actualpoints:
-------------------------+--------------------------------------------------
Tor should attempt to use seccomp2 - to that end - we should find a list
of syscalls that we'd ever expect tor to use and add them to a
seccomp filter. We should also allow relays to have a much more
restrictive seccomp filter set if they wish at compile time.
A good url for examples is here:
http://outflux.net/teach-seccomp/
We may want to use libseccomp:
http://sourceforge.net/projects/libseccomp/
http://sourceforge.net/p/libseccomp/libseccomp/ci/f08622cda8ff41d8d77d70ab034ab26413289013/tree/
In theory this will be a first line (zero being not having a bug) of
defense against someone actually getting arbitrary code execution in tor
or related libraries. The next line of defense would be a jail or a
chroot. The next line would be some kind of kernel ACL/MAC like
SELinux/AppArmor/GRSec/etc. I suppose in reality, it's all together as one
but I'm pretending for the sake of simplicity.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7005>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
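
The allowlist approach the ticket proposes, as an added example that is not part of the original ticket or of Tor's code: a seccomp-BPF filter written directly against prctl(2) rather than libseccomp, run in a forked child so the effect of an unlisted syscall can be observed. The three allowed syscalls and the names install_allowlist and run_sandboxed are assumptions for illustration, not a syscall list for tor.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#endif
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Install the filter in the calling process; returns 0 on success. */
static int install_allowlist(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),  /* foreign ABI: kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* Illustrative three-syscall list (an assumption), not tor's real set. */
        ALLOW(SYS_write), ALLOW(SYS_exit), ALLOW(SYS_exit_group),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),  /* default: deny */
    };
    struct sock_fprog prog = { (unsigned short)(sizeof(f) / sizeof(f[0])), f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Returns 1 if the sandboxed child died from SIGSYS, 0 on clean exit, else -1. */
int run_sandboxed(int call_unlisted) {
    int st; pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_allowlist()) _exit(2);
        syscall(SYS_write, 1, "", 0);            /* on the list */
        if (call_unlisted) syscall(SYS_getpid);  /* not on the list */
        syscall(SYS_exit_group, 0);
    }
    if (waitpid(pid, &st, 0) != pid) return -1;
    if (WIFSIGNALED(st) && WTERMSIG(st) == SIGSYS) return 1;
    return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : -1;
}

int main(void) { return run_sandboxed(1) == 1 ? 0 : 1; }
```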