[tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 26 19:59:50 UTC 2018
#17521: Support capsicum(4) on FreeBSD
-----------------------------------------------------------+-----------------------------------
Reporter:   yawning                                        | Owner:          shawn.webb
Type:       enhancement                                    | Status:         assigned
Priority:   Medium                                         | Milestone:      Tor: 0.3.4.x-final
Component:  Core Tor/Tor                                   | Version:        Tor: unspecified
Severity:   Normal                                         | Resolution:
Keywords:   tor-relay, security, sandboxing, BSD, capsicum | Actual Points:
Parent ID:                                                 | Points:
Reviewer:   ahf                                            | Sponsor:
-----------------------------------------------------------+-----------------------------------
Comment (by shawn.webb):

So it turns out that the transproxy issue is with libevent, which creates
and maintains its own sockets. I've tested transproxy and it's working,
however DNS resolutions fail.

So `curl http://4.ifconfig.pro/` fails, but `curl http://108.61.202.109/`
works (108.61.202.109 is the IP of 4.ifconfig.pro).

Given that this is an issue with libevent and not tor, I believe that
Capsicum in tor itself is working as intended. I'll open a bug report with
libevent to see if we can figure out how to teach it to be Capsicum-safe.

Chances are, it may need a sockets abstraction API. Essentially, you'll
register a callback for whenever a socket needs to be created. libevent
would call that callback instead of `socket(2)` directly.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17521#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
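
The sockets abstraction described in the comment above, sketched as an added example; it is not part of the original message and not code from tor or libevent. `lib_set_socket_factory`, `lib_socket`, `brokered_socket` and `start_broker` are hypothetical names, and serving the callback from a helper process forked before the sandbox is entered (descriptors returned over `SCM_RIGHTS`) is an assumption about how an application might implement it.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical hook (libevent has no such API): the application registers a factory. */
typedef int (*socket_factory_fn)(int domain, int type, int proto, void *arg);
static socket_factory_fn g_factory; static void *g_factory_arg;
void lib_set_socket_factory(socket_factory_fn fn, void *arg) { g_factory = fn; g_factory_arg = arg; }
/* What the library would call wherever it calls socket(2) today. */
int lib_socket(int d, int t, int p) { return g_factory ? g_factory(d, t, p, g_factory_arg) : socket(d, t, p); }

union cbuf { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; };  /* room for one fd */
static void msg_init(struct msghdr *m, struct iovec *iov, char *ok, union cbuf *u) {
    memset(m, 0, sizeof *m); memset(u, 0, sizeof *u); iov->iov_base = ok; iov->iov_len = 1;
    m->msg_iov = iov; m->msg_iovlen = 1; m->msg_control = u->buf; m->msg_controllen = sizeof u->buf;
}
/* Helper process, outside the sandbox: create the socket, pass it back with SCM_RIGHTS. */
static void broker_loop(int chan) {
    int req[3];
    while (read(chan, req, sizeof req) == (ssize_t)sizeof req) {
        int fd = socket(req[0], req[1], req[2]);
        char ok = fd >= 0; union cbuf u; struct iovec iov; struct msghdr m;
        msg_init(&m, &iov, &ok, &u);
        struct cmsghdr *c = CMSG_FIRSTHDR(&m);
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof fd);
        memcpy(CMSG_DATA(c), &fd, sizeof fd);
        if (!ok) { m.msg_control = NULL; m.msg_controllen = 0; }  /* failure: status byte only */
        sendmsg(chan, &m, 0); if (ok) close(fd);  /* the receiver now holds its own reference */
    }
    _exit(0);
}
/* Sandboxed side: the callback handed to lib_set_socket_factory(); arg points at the channel fd. */
int brokered_socket(int d, int t, int p, void *arg) {
    int chan = *(int *)arg, req[3] = { d, t, p }, fd = -1;
    char ok = 0; union cbuf u; struct iovec iov; struct msghdr m;
    msg_init(&m, &iov, &ok, &u);
    if (write(chan, req, sizeof req) != (ssize_t)sizeof req || recvmsg(chan, &m, 0) != 1 || !ok) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS) memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}
/* Fork the helper before entering the sandbox (before cap_enter() on FreeBSD); returns the channel. */
int start_broker(void) {
    int sv[2]; pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if ((pid = fork()) == 0) { close(sv[0]); broker_loop(sv[1]); }  /* child never returns */
    close(sv[1]);
    if (pid < 0) { close(sv[0]); return -1; }
    return sv[0];
}
```

The application would call `start_broker()` first, keep the returned channel in a variable that outlives the registration, and pass its address as `arg` to `lib_set_socket_factory(brokered_socket, &chan)`. A real helper would also restrict which domain, type and protocol values it is willing to serve.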