[tor-dev] [GSOC] Status report - Tor capabilities

Cristian-Matei Toader cristian.matei.toader at gmail.com
Mon Sep 23 19:46:36 UTC 2013


Hello tor-dev,

For the past two couple of weeks, stage 2 has ended [1], and stage 3 has
begun [2].

Stage 2 didn't change by much, apart from a few change requests from nickm.

As part of stage 3, some important changes were made:
- the structures involving how a sandbox configuration is being managed has
changed, in order to allow multiple configurations; the sandbox type now
consists of the syscall array of no-parameter filters, and a list of
parameter syscall configurations; now each parameter syscall is handled as
a function pointer and a list of parameters which are used with the
function pointer in order to initialise that particular filter; this all
may sound over-complicated, but it's actually a quite intuitive non-hacky
version of what was going on before.
- a filter was developed (it's actually unexpectedly short) for worker
threads only, and it is currently working just as it should in the stage 3
public branch
- currently I have updated the general filter to include the prctl filter
required to allow loading other seccomp filters, which is necessary for the
purpose of stage 3; there is also an option for a general filter which
disallows any further filters to be loaded, and I am currently working at
loading this updated filter at an optimum location.

I am planning to continue working on stage 3 past the hard deadline for the
GSOC project, but when university starts I will probably prioritise studies
over this project.

It has been a pleasure working for the tor project, I will keep
contributing (either sandboxing related or otherwise), and will make sure
to keep in touch on IRC.

[1] https://trac.torproject.org/projects/tor/ticket/9249
[2] https://trac.torproject.org/projects/tor/ticket/9730
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20130923/7b538f97/attachment.html>


More information about the tor-dev mailing list