[tor-bugs] #22794 [Applications/Tor Browser]: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Feb 3 00:02:45 UTC 2018
#22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured.
-------------------------------------------------+-------------------------
Reporter: yawning | Owner:
| pospeselr
Type: defect | Status:
| needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, tbb-sandboxing, | Actual Points:
TorBrowserTeam201802R |
Parent ID: #20775 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by pospeselr):
Yeah so long as the seccomp policies for AF_INET6 socket creation doesn't
kill the calling thread, the existing Firefox code gracefully handles
socket creation failure.
In the event that we want to enable such a strict policy for the sandbox
the relevant code in nsSOCKSIOLayer.cpp's nsSOCKSIOLayerAddToSocket() can
probably be safely refactored to ignore the IPv6 detection if the desired
socket family is AF_LOCAL.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22794#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list