[tor-bugs] #9894 [Tor]: Sandbox doesn't work with obfsproxy
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 7 14:48:13 UTC 2013
#9894: Sandbox doesn't work with obfsproxy
------------------------+---------------------------------------
Reporter: zoltan | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version: Tor: 0.2.5.1-alpha
Resolution: | Keywords: sandbox tor-client tor-pt
Actual Points: | Parent ID:
Points: |
------------------------+---------------------------------------
Changes (by nickm):
* keywords: => sandbox tor-client tor-pt
Comment:
0x2a is sys_pipe, so maybe we just need to whitelist the pipe syscall.
Try the attached patch?
Possible outcomes:
* '''Everything works fine:''' Yay; let's merge this patch.
* '''Tor still crashes, but crashes differently this time:''' We'll
need to whitelist another syscall too.
* '''Tor works okay, but obfsproxy dies:''' This would mean that
obfsproxy requires some functionality that Tor is disabling. In that
case, we'll have to run obfsproxy with fewer restrictions than Tor itself.
We'll probably need a helper thread running with high privilege whose
whose job is to execute other programs. Setting it up so that it only runs
permissible programs, no matter what Tor tells it, will be the fun part.
ctoader is working on something like this, I hear.
Possible workaround:
* Use obfsproxy in external proxy mode, not managed.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9894#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list