[tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 3 18:37:29 UTC 2017
#17521: Support capsicum(4) on FreeBSD
-------------------------------------------------+-------------------------
 Reporter:  yawning                              |  Owner:  shawn.webb
     Type:  enhancement                          |  Status:  assigned
 Priority:  Medium                               |  Milestone:  Tor: unspecified
Component:  Core Tor/Tor                         |  Version:  Tor: unspecified
 Severity:  Normal                               |  Resolution:
 Keywords:  tor-relay, security, sandboxing,     |  Actual Points:
            BSD, capsicum                        |
Parent ID:                                       |  Points:
 Reviewer:                                       |  Sponsor:
-------------------------------------------------+-------------------------

Comment (by shawn.webb):

 I've made a ton of progress on this. I now have a mostly capsicumized Tor.
 The very basics are working as of this writing.

 As it stands, what's left to do:

 1. Write sandbox wrappers for a few more libc calls (gmtime(3), socketpair(2), etc).
 2. Implement proper memory management (like, call free(3) where appropriate).
 3. Clean up a whole freakton of debug code.
 4. Write the Linux equivalent wrapper code (likely macros that just point to the corresponding libc functions).
 5. Build full body-suit armor as the person who's tasked with reviewing the ensuing patch will likely want to stab me.

 I will have a solution to demo in place by the time the Montreal meetup happens.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17521#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online