[tor-bugs] #5756 [Tor Relay]: Seccomp system call whitelisting on Linux

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat Sep 22 21:49:15 UTC 2012


#5756: Seccomp system call whitelisting on Linux
--------------------------------------+-------------------------------------
 Reporter:  bugmenot                  |          Owner:                    
     Type:  enhancement               |         Status:  new               
 Priority:  normal                    |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor Relay                 |        Version:                    
 Keywords:  seccomp security sandbox  |         Parent:  #5791             
   Points:                            |   Actualpoints:                    
--------------------------------------+-------------------------------------
Changes (by nickm):

  * milestone:  => Tor: 0.2.4.x-final


Comment:

 I think we could do a decent job here without refactoring the rest of Tor
 too much.

 The tricky part would be that, when seccomp was in use, we'd want to
 restrict the places we can open() and restrict the stuff we can exec().
 But we could say for now that enabling seccomp means that Tor restricts
 these things immediately after it reads its configuration file, and you
 can't (for example) add new pluggable transports once seccomp is enabled.

 (Refactoring Tor could let us compartmentalize stuff even better, and
 could be helpful/needful for better security on other platforms, but it's
 possibly a good idea to do what we can now.)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5756#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

