[tor-bugs] #20063 [Core Tor/Tor]: Permit sched_yield in sandbox
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 13 13:31:52 UTC 2016
#20063: Permit sched_yield in sandbox
----------------------------+------------------------------------
Reporter: nickm | Owner: nickm
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: review-group-8 | Actual Points: 0
Parent ID: | Points: 0
Reviewer: | Sponsor:
----------------------------+------------------------------------
Comment (by asn):
Hmm, is there a way to reproduce this problem, so that we can test the
fix?
I tried running an unpatched tor (git-6abce601f22) with `--enable-
expensive-hardening` and `Sandbox 1` and encountered no problems with this
torrc:
{{{
Sandbox 1
SocksPort auto
}}}
Tor bootstrapped to 100% no problem.
All in all, the patch seems like it's doing what is advertised, but I
actually don't know anything about the workings of seccomp and our
sandbox. A review by a more experienced person in this area would be
appreciated.
One question: Should we only whitelist those syscalls '''if and only if'''
ASAN is enabled? Because IIUC, now they are whitelisted for all builds.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20063#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list