[tor-bugs] #9168 [Tor]: GSOC seccomp stage 1

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 3 14:06:25 UTC 2013

#9168: GSOC seccomp stage 1
 Reporter:  ctoader                         |          Owner:  nickm             
     Type:  enhancement                     |         Status:  needs_revision    
 Priority:  normal                          |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor                             |        Version:                    
 Keywords:  tor-relay gsoc seccomp sandbox  |         Parent:                    
   Points:                                  |   Actualpoints:                    

Comment(by nickm):

 Follow-up review:
   * log_err() won't work any better from a signal handler than fprintf().
 It calls snprintf, which isn't in the signal-safe functions list.  Also,
 exit() isn't on the signal-safe functions list, either, although _exit()
 is.  If you have a look at "man sigaction" or "man 7 signal", it should
 list the functions which can be safely called.
   * Based on that, I wonder if there shouldn't be configurable levels of
 sandboxing configurable, where one of them records the forbidden system
 calls and continues, and one of them just aborts.  Let's talk about the
 right interface for that.
   * Is the socketcall() thing still necessary now that we switched to add
 from add_exact?

 Other notes:
   * I still need to write the autoconf/automake magic here.
   * There should be documentation for the Sandbox option in doc/tor.1.txt
   * Probably we should squash before merging.  (The branch is 3184 lines
 long, but the diff is only 339 lines long)

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9168#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list