[tor-dev] [GSOC] Status report - Tor capabilities

[Cristian-Matei Toader]

Hello tor-dev,

For the last week I was on holiday for the graduation ceremony. I did
however manage to get some work done, so for the past 2 weeks I have:

- worked on adding parameter filters for the syscall filter; this is done
using both a static list of parameters, as well as a dynamic list
configurable at runtime;
- parameter filters currently support numeric and pointer based parameters
such as C strings; pointer based parameters are referenced in the original
tor code through a getter (this was implemented for the 'open' syscall).
- possibly identified a bug in libseccomp which was causing the accept4
syscall to fail to be added to the filter which was temporarily fixed by
accepting all socketcall filters; still need to confirm this with nickm,
but for those interested i believe -117 on this [1] line should be at least
-120; my local fix makes everything work fine without socketcall.

As a general conclusions things are going fine, I am currently trying to
figure out what should go in the parameter filter.

Another quick link to my remote branch for the ease of those interested:
[2].

Looking forward to some feedback, if you happen to have any!

References:
[1]
http://sourceforge.net/p/libseccomp/libseccomp/ci/release-2.1/tree/src/arch-x86.c#l86
[2]
https://github.com/cristiantoader/tor-gsoc-capabilities/tree/gsoc-cap-stage2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20130726/440d593f/attachment.html>