[tor-bugs] #9168 [Tor]: GSOC seccomp stage 1

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 3 14:06:25 UTC 2013


#9168: GSOC seccomp stage 1
--------------------------------------------+-------------------------------
 Reporter:  ctoader                         |          Owner:  nickm             
     Type:  enhancement                     |         Status:  needs_revision    
 Priority:  normal                          |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor                             |        Version:                    
 Keywords:  tor-relay gsoc seccomp sandbox  |         Parent:                    
   Points:                                  |   Actualpoints:                    
--------------------------------------------+-------------------------------

Comment(by nickm):

 Follow-up review:
   * log_err() won't work any better from a signal handler than fprintf().
 It calls snprintf, which isn't in the signal-safe functions list.  Also,
 exit() isn't on the signal-safe functions list, either, although _exit()
 is.  If you have a look at "man sigaction" or "man 7 signal", it should
 list the functions which can be safely called.
   * Based on that, I wonder if there shouldn't be configurable levels of
 sandboxing, where one of them records the forbidden system calls and
 continues, and one of them just aborts.  Let's talk about the right
 interface for that.
   * Is the socketcall() thing still necessary now that we switched to add
 from add_exact?

 Other notes:
   * I still need to write the autoconf/automake magic here.
   * There should be documentation for the Sandbox option in doc/tor.1.txt
   * Probably we should squash before merging.  (The branch is 3184 lines
 long, but the diff is only 339 lines long)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9168#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
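The first review point above (a SIGSYS handler may only call async-signal-safe functions, so log_err()/fprintf()/exit() are out and write(2)/_exit(2) are in) and the second one (a "record and continue" level versus an "abort" level) can be illustrated in one small C program. The code below is an added example written for this page; it is not Tor's sandbox code, and the names `sandbox_mode`, `format_violation`, `install_sigsys_handler` and the enum values are made up for the illustration. It assumes the seccomp filter itself (not shown) is installed with a SECCOMP_RET_TRAP action, which on Linux fills in `si_syscall` for the handler; the handler only uses `memcpy`, a hand-rolled integer formatter, `write` and `_exit`, all of which are on the list in "man 7 signal".

```c
/* Added example (not Tor's code): an async-signal-safe SIGSYS handler with two
 * sandbox levels.  Names and the mode interface are hypothetical. */
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Sandbox levels: log the forbidden syscall and keep running, or abort. */
enum sandbox_mode { SANDBOX_LOG_AND_CONTINUE = 1, SANDBOX_ABORT = 2 };

static volatile sig_atomic_t sandbox_mode = SANDBOX_LOG_AND_CONTINUE;
static volatile sig_atomic_t violations_seen = 0;
static volatile sig_atomic_t last_syscall_nr = -1;

/* snprintf() is not async-signal-safe, so format the number by hand.
 * Writes the decimal form of n into buf (bufsize >= 22) and returns the
 * length written, not counting the terminating NUL. */
size_t format_long(long n, char *buf, size_t bufsize)
{
    char tmp[21];
    size_t i = 0, len = 0;
    unsigned long u = n < 0 ? (unsigned long)(-(n + 1)) + 1UL : (unsigned long)n;
    if (bufsize < 2)
        return 0;
    do {
        tmp[i++] = (char)('0' + (u % 10));
        u /= 10;
    } while (u && i < sizeof tmp);
    if (n < 0)
        buf[len++] = '-';
    while (i && len < bufsize - 1)
        buf[len++] = tmp[--i];
    buf[len] = '\0';
    return len;
}

/* Build the whole log line in the caller's buffer so the handler can emit it
 * with a single write(2).  Returns the number of bytes placed in buf. */
size_t format_violation(long nr, char *buf, size_t bufsize)
{
    static const char prefix[] = "sandbox: forbidden syscall nr=";
    size_t len = sizeof prefix - 1;
    if (bufsize < len + 24)
        return 0;
    memcpy(buf, prefix, len);
    len += format_long(nr, buf + len, bufsize - len);
    buf[len++] = '\n';
    return len;
}

static void sigsys_handler(int sig, siginfo_t *info, void *ctx)
{
    char msg[80];
    size_t len;
    ssize_t written;
    long nr = -1;
    (void)sig;
    (void)ctx;
#ifdef __linux__
    /* Filled in by the kernel when a seccomp filter returns SECCOMP_RET_TRAP;
     * for a plain raise(SIGSYS) this field carries no meaningful value. */
    if (info)
        nr = info->si_syscall;
#else
    (void)info;
#endif
    last_syscall_nr = (sig_atomic_t)nr;
    violations_seen++;
    len = format_violation(nr, msg, sizeof msg);
    /* write(2) and _exit(2) are async-signal-safe; fprintf(), snprintf(),
     * exit() and anything built on them (log_err()) are not. */
    written = write(STDERR_FILENO, msg, len);
    (void)written;
    if (sandbox_mode == SANDBOX_ABORT)
        _exit(1);
    /* SANDBOX_LOG_AND_CONTINUE: return and let the denied call fail. */
}

/* Installs the handler for the chosen level.  Returns 0 on success. */
int install_sigsys_handler(enum sandbox_mode mode)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = sigsys_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sandbox_mode = mode;
    return sigaction(SIGSYS, &sa, NULL);
}

int main(void)
{
    /* Stand-alone demo: deliver SIGSYS by hand and confirm the handler ran. */
    if (install_sigsys_handler(SANDBOX_LOG_AND_CONTINUE) != 0)
        return 2;
    raise(SIGSYS);
    return violations_seen == 1 ? 0 : 1;
}
```

Switching `install_sigsys_handler(SANDBOX_ABORT)` turns the same handler into the "just aborts" level; the only difference is the `_exit(1)` branch, which keeps both levels on the async-signal-safe list.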

