[tor-bugs] #20782 [Applications/Tor Browser Sandbox]: Use a seccomp whitelist when the tor daemon is configured to use Bridges.

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 26 00:36:35 UTC 2016


#20782: Use a seccomp whitelist when the tor daemon is configured to use Bridges.
--------------------------------------------------+---------------------
     Reporter:  yawning                           |      Owner:  yawning
         Type:  enhancement                       |     Status:  new
     Priority:  Medium                            |  Milestone:
    Component:  Applications/Tor Browser Sandbox  |    Version:
     Severity:  Normal                            |   Keywords:
Actual Points:                                    |  Parent ID:
       Points:                                    |   Reviewer:
      Sponsor:                                    |
--------------------------------------------------+---------------------
 The seccomp whitelist for the tor sandbox only has the system calls
 required for the tor daemon itself (based off tor's `UseSandbox`
 implementation).  This causes obfs4proxy to not work, so when Bridges are
 enabled, a rudimentary blacklist is installed instead.

 The proper thing to do would be to figure out what system calls obfs4proxy
 needs in addition to the ones in the current whitelist and selectively
 expand the whitelist at runtime based on configuration.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20782>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
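
The configuration-dependent whitelist the ticket asks for, as an added C example that is not code from the ticket or from the sandbox project: it assembles a seccomp classic-BPF filter from a base list plus a bridge-only list and evaluates it offline. The syscall lists are constructed placeholders (x86_64 numbers), and `build_filter`, `run_filter` and `use_bridges` are hypothetical names; `struct insn` mirrors the kernel's `struct sock_filter`.

```c
#include <stddef.h>
#include <stdint.h>
/* Same layout as the kernel's struct sock_filter (one classic BPF instruction). */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
/* BPF_LD|BPF_W|BPF_ABS, BPF_JMP|BPF_JEQ|BPF_K, BPF_RET|BPF_K */
enum { LD_ABS = 0x20, JEQ_K = 0x15, RET_K = 0x06 };
#define RET_ALLOW   0x7fff0000u /* SECCOMP_RET_ALLOW */
#define RET_KILL    0x00000000u /* SECCOMP_RET_KILL */
#define ARCH_X86_64 0xC000003Eu /* AUDIT_ARCH_X86_64 */

/* Constructed placeholder lists; NOT the real tor or obfs4proxy syscall sets. */
static const uint32_t base_calls[]   = { 0 /*read*/, 1 /*write*/, 3 /*close*/, 232 /*epoll_wait*/ };
static const uint32_t bridge_calls[] = { 56 /*clone*/, 131 /*sigaltstack*/, 202 /*futex*/ };

static size_t emit_allow(struct insn *p, size_t n, const uint32_t *calls, size_t count) {
    for (size_t i = 0; i < count; i++) {
        p[n++] = (struct insn){ JEQ_K, 0, 1, calls[i] };  /* match: next insn; else skip it */
        p[n++] = (struct insn){ RET_K, 0, 0, RET_ALLOW };
    }
    return n;
}

/* Build the filter; the bridge additions are emitted only when use_bridges is set. */
size_t build_filter(struct insn *p, int use_bridges) {
    size_t n = 0;
    p[n++] = (struct insn){ LD_ABS, 0, 0, 4 };           /* load seccomp_data.arch */
    p[n++] = (struct insn){ JEQ_K, 1, 0, ARCH_X86_64 };  /* expected arch: skip the kill */
    p[n++] = (struct insn){ RET_K, 0, 0, RET_KILL };
    p[n++] = (struct insn){ LD_ABS, 0, 0, 0 };           /* load seccomp_data.nr */
    n = emit_allow(p, n, base_calls, sizeof base_calls / sizeof *base_calls);
    if (use_bridges)
        n = emit_allow(p, n, bridge_calls, sizeof bridge_calls / sizeof *bridge_calls);
    p[n++] = (struct insn){ RET_K, 0, 0, RET_KILL };     /* default deny */
    return n;
}

/* Minimal interpreter for the three opcodes above, to check decisions offline. */
uint32_t run_filter(const struct insn *p, size_t n, uint32_t arch, uint32_t nr) {
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        if (p[pc].code == LD_ABS) acc = p[pc].k == 4 ? arch : nr;
        else if (p[pc].code == JEQ_K) pc += acc == p[pc].k ? p[pc].jt : p[pc].jf;
        else return p[pc].k;                             /* RET_K */
    }
    return RET_KILL;
}
int main(void) {
    struct insn p[32];
    size_t n = build_filter(p, 1);
    return run_filter(p, n, ARCH_X86_64, 202) == RET_ALLOW ? 0 : 1;
}
```

Unlike a blacklist, any syscall missing from both lists (or arriving under another architecture) falls through to the final default-deny return.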

