[tor-dev] [GSOC] Status report - Tor capabilities

Cristian-Matei Toader cristian.matei.toader at gmail.com
Mon Aug 26 20:31:47 UTC 2013


Hello tor-dev,

Apologies for submitting the report later than planned, but I was on
holiday towards the end of last week.

I am currently waiting for a code review for stage 2 of the seccomp
filter, which will very likely include a relatively long list of change
requests. As a reminder, at the moment there should be one filter which
does both syscall and parameter filtering.

As a brief update, the following changes were made over the past 2 weeks:
- various syscall filter changes for Linux 32/64 bit
- dealt with issues related to the open syscall, due to the fact that we
use path filtering and external dependencies happen to use 'open' with
strings unprotected by the filter (libevent, getaddrinfo, openssl)
- received feedback and added socket filters, which support parameter
filtering only for 64 bits, since on 32 they get multiplexed on one syscall
(socketcall)
- waiting for review on [1] in public branch [2]

For stage 3, further privileges will be dropped for different sections of
code (e.g. the worker threads), and the project will support multiple
filters.

More details may be found here [1].

Looking forward to some feedback, if you happen to have any!

References:
 [1] https://trac.torproject.org/projects/tor/ticket/9249
 [2] https://github.com/cristiantoader/tor-gsoc-capabilities/tree/gsoc-cap-stage2