[tor-commits] [sandboxed-tor-browser/master] Bug #20773: Don't mount /proc in the tor container even with PTs.

yawning at torproject.org
Sat Nov 26 18:23:57 UTC 2016


commit db09c0bb793c705a13e275dc6d52eed70ca95c80
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Sat Nov 26 18:22:10 2016 +0000

    Bug #20773: Don't mount /proc in the tor container even with PTs.
    
    Looking at the Go 1.7.3 source code, all of the usages of `/proc` by
    obfs4proxy either shouldn't get called, or have graceful failure modes.
---
 .../internal/sandbox/application.go                 | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index 1e38adc..0908af1 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -458,19 +458,24 @@ func RunTor(cfg *config.Config, torrc []byte) (cmd *exec.Cmd, err error) {
 	h.stderr = logger
 	if !cfg.Tor.UseBridges {
 		h.seccompFn = installTorSeccompProfile
-
-		// The tor daemon only uses this to calculate MaxMemInQueues,
-		// which is a relay thing, so this can safely be disabled.
-		//
-		// Not sure about what to do wrt pluggable transports yet,
-		// obfs4proxy seems to function fine, and the reads it does
-		// look innocent enough, but more investigation is needed.
-		h.mountProc = false
 	} else {
 		h.seccompFn = installBasicSeccompBlacklist
 	}
 	h.unshare.net = false // Tor needs host network access.
 
+	// Regarding `/proc`...
+	//
+	// `/proc/meminfo` - tor dameon, used to calculate `MaxMemInQueues`,
+	//    fails gracefully.
+	// `/proc/sys/kernel/hostname` - obfs4proxy, Go runtime uses this to
+	//    determine hostname, 99% sure this is in the binary but not used
+	//    due to the `log` package's syslog target.
+	// `/proc/sys/net/core/somaxconn` - obfs4proxy, Go runtime uses this to
+	//    determine listener backlog, but will default to `128` on errors.
+	//
+	// See: https://bugs.torproject.org/20773
+	h.mountProc = false
+
 	if err = os.MkdirAll(cfg.TorDataDir, DirMode); err != nil {
 		return
 	}
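Review bot: the new comment block starting at `// Regarding `/proc`...` records which `/proc` paths tor and obfs4proxy touch, but not the toolchain the analysis was done against (Go 1.7.3, per the commit message); since `h.mountProc = false` now applies on the `UseBridges` path as well, a later Go release that reads additional `/proc` entries could change obfs4proxy's behaviour inside the container without anyone revisiting this block, so consider adding a line such as `// Verified against the Go 1.7.3 runtime; re-check on toolchain upgrades.` The `/proc/sys/kernel/hostname` entry is stated as "99% sure" rather than confirmed, whereas the `/proc/sys/net/core/somaxconn` entry names its fallback (`128`); it would be consistent to either confirm the hostname read is never reached or document what obfs4proxy does when it fails. Minor: `tor dameon` should read `tor daemon`.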
