[tor-dev] [GSOC] Status report - Tor capabilities

Cristian-Matei Toader cristian.matei.toader at gmail.com
Fri Jul 12 16:58:00 UTC 2013 

Hello tor-dev,

Here goes the status report for the past 2 weeks
- I have been preparing the code for the first step of the project to
be merged in the Tor master branch, which represented a number of
changes required by nickm; the full process can be seen here [1], the
branch was squashed and should be merged one of these days.

- Step 2:
  - current progress
  - has changed a bit, and now requires to create a sandbox as 'tight'
as possible around the Tor syscalls;
  - this is achieved my filtering not only syscalls but also syscall
parameters, current efforts on my part can be found here [2] in branch
"gsoc-cap-stage2";
  - the current problem with this stage is filtering string parameters
for syscalls which can be done using immutable strings using protected
memory regions;
  - unfortunately some syscalls are out of reach being part of
libraries and therefore their parameters cannot be controlled (the
pointer used in the seccomp filter cannot be reference in the syscall)
which will need to be solved (any suggestions are appreciated).

- I have implemented ioerror's suggestion about policy files but is
not pushed to git mainly because after talking to nickm we concluded
that the implementation effort is not justified especially now when
filter configurations are constantly changing which would require also
changing how policy files are parsed, having mostly the same end
result; furthermore some of the string filter parameters may be
generated on runtime, which may be inconsistent with the solution, but
I will keep this in mind towards the finishing stage of the
development process, especially since it offers an elegant way of
configuring and testing different filters.

As a small side-note I will mostly be traveling the majority of next
week, so I may not be as reachable as before.

Looking forward to some feedback, if you happen to have any!

References:
 [1] https://trac.torproject.org/projects/tor/ticket/9168
 [2] https://github.com/cristiantoader/tor-gsoc-capabilities

More information about the tor-dev mailing list