[tor-bugs] #20782 [Applications/Tor Browser Sandbox]: Use a seccomp whitelist when the tor daemon is configured to use Bridges.

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Nov 27 11:28:40 UTC 2016


#20782: Use a seccomp whitelist when the tor daemon is configured to use Bridges.
----------------------------------------------+-------------------------
 Reporter:  yawning                           |          Owner:  yawning
     Type:  enhancement                       |         Status:  new
 Priority:  Medium                            |      Milestone:
Component:  Applications/Tor Browser Sandbox  |        Version:
 Severity:  Normal                            |     Resolution:
 Keywords:                                    |  Actual Points:
Parent ID:                                    |         Points:
 Reviewer:                                    |        Sponsor:
----------------------------------------------+-------------------------

Comment (by yawning):

 This is what obfs4proxy needs in addition to what's in the existing tor
 whitelist on x86_64.

 `mprotect` -> `arg2 == PROT_READ | PROT_WRITE`
 `futex` -> `arg1 == 1 || arg1 == 0` (FUTEX_WAKE, FUTEX_WAIT)
 `setsockopt` -> `arg1 == SOL_TCP && arg2 == TCP_NODELAY`
 `set_tid_address: 1`
 `mincore: 1`
 `dup2: 1`
 `select: 1`
 `mkdirat: 1` (Might not be needed if the pt state dir exists.)
 `fsync: 1`
 `epoll_create1` -> `arg0 == EPOLL_CLOEXEC`
 `getpeername: 1`

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20782#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
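Added example, not part of the original comment or of the sandbox's own code: a small Python evaluator that parses the rules as listed in the comment above and reports whether a syscall with a given argument vector would pass them. It covers only these additions (the existing tor whitelist is not shown on this page) and treats `==` as an exact comparison. Assumptions: the constants are the Linux x86_64 header values, and `parse_rules`, `allowed` and the sample calls are names and data constructed for illustration.

```python
import re
# Linux x86_64 header values for the names used in the rules.
CONSTS = {"PROT_READ": 0x1, "PROT_WRITE": 0x2, "SOL_TCP": 6,
          "TCP_NODELAY": 1, "EPOLL_CLOEXEC": 0o2000000}

# Rules as listed in the comment above (backticks and remarks dropped).
RULES_TEXT = """
mprotect -> arg2 == PROT_READ | PROT_WRITE
futex -> arg1 == 1 || arg1 == 0
setsockopt -> arg1 == SOL_TCP && arg2 == TCP_NODELAY
set_tid_address: 1
mincore: 1
dup2: 1
select: 1
mkdirat: 1
fsync: 1
epoll_create1 -> arg0 == EPOLL_CLOEXEC
getpeername: 1
"""

def value(expr):
    """OR together the '|'-separated constants or integers in expr."""
    out = 0
    for tok in map(str.strip, expr.split("|")):
        out |= CONSTS[tok] if tok in CONSTS else int(tok, 0)
    return out

def parse_rules(text):
    """Map syscall -> None (any args) or OR-list of AND-lists of (arg, value)."""
    rules = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        if "->" not in line:                    # "name: 1" is unconditional
            rules[line.split(":")[0]] = None
            continue
        name, cond = (part.strip() for part in line.split("->", 1))
        rules[name] = [[(int(re.match(r"\s*arg(\d)", term).group(1)),
                         value(term.split("==", 1)[1]))
                        for term in conj.split("&&")]
                       for conj in cond.split("||")]
    return rules

def allowed(rules, name, args):
    """Exact-equality check, so extra flag bits in an argument fail the rule."""
    alts = rules.get(name, [])                  # unlisted syscall: no match
    return alts is None or any(all(args[i] == v for i, v in conj) for conj in alts)

RULES = parse_rules(RULES_TEXT)
if __name__ == "__main__":  # constructed calls: RW, then RW | PROT_EXEC
    for prot in (0x3, 0x7):
        print("mprotect", hex(prot), allowed(RULES, "mprotect", [0, 4096, prot]))
```

Because the comparison is exact, a call that sets any bit beyond the listed value (for example `PROT_EXEC` on `mprotect`, or a futex op with `FUTEX_PRIVATE_FLAG` set) does not match the rule.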

