[tor-bugs] #20782 [Applications/Tor Browser Sandbox]: Use a seccomp whitelist when the tor daemon is configured to use Bridges.

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Nov 27 00:31:26 UTC 2016


#20782: Use a seccomp whitelist when the tor daemon is configured to use Bridges.
----------------------------------------------+-------------------------
 Reporter:  yawning                           |          Owner:  yawning
     Type:  enhancement                       |         Status:  new
 Priority:  Medium                            |      Milestone:
Component:  Applications/Tor Browser Sandbox  |        Version:
 Severity:  Normal                            |     Resolution:
 Keywords:                                    |  Actual Points:
Parent ID:                                    |         Points:
 Reviewer:                                    |        Sponsor:
----------------------------------------------+-------------------------

Comment (by yawning):

 Upon deeper thought, the real solution to this is to spawn PTs in their
 own container, each with a tailored whitelist, particularly since #20781
 will require that, so it may as well be generalized.

 The main stumbling point would be that tor doesn't support using
 `AF_LOCAL` to talk to PTs, but if I do this correctly the tor sandbox can
 run without external network access when PTs are used.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20782#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

