[tor-dev] [GSOC] Status report - Tor capabilities
cristian.matei.toader at gmail.com
Mon Sep 23 19:46:36 UTC 2013
For the past two couple of weeks, stage 2 has ended, and stage 3 has
Stage 2 didn't change by much, apart from a few change requests from nickm.
As part of stage 3, some important changes were made:
- the structures involving how a sandbox configuration is being managed have
changed, in order to allow multiple configurations; the sandbox type now
consists of the syscall array of no-parameter filters, and a list of
parameter syscall configurations; now each parameter syscall is handled as
a function pointer and a list of parameters which are used with the
function pointer in order to initialise that particular filter; this all
may sound over-complicated, but it's actually a quite intuitive non-hacky
version of what was going on before.
- a filter was developed (it's actually unexpectedly short) for worker
threads only, and it is currently working just as it should in the stage 3
- currently I have updated the general filter to include the prctl filter
required to allow loading other seccomp filters, which is necessary for the
purpose of stage 3; there is also an option for a general filter which
disallows any further filters to be loaded, and I am currently working at
loading this updated filter at an optimum location.
I am planning to continue working on stage 3 past the hard deadline for the
GSOC project, but when university starts I will probably prioritise studies
over this project.
It has been a pleasure working for the Tor project, I will keep
contributing (either sandboxing related or otherwise), and will make sure
to keep in touch on IRC.
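
Added example, not part of the original message and not Tor's sandbox code: it shows the point made in the last bullet, that a general filter has to allow `prctl(PR_SET_SECCOMP, ...)` if a stricter per-worker filter is to be stacked later, while a locked variant refuses any further filter. The filter contents and the names `load_general` and `can_stack_filter` are constructed for illustration; it assumes Linux with seccomp filter support, a little-endian machine, raw BPF via `prctl` rather than any particular library, and a forked child standing in for a worker thread.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define LD(off)        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (off))
#define JEQ(k, jt, jf) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (k), (jt), (jf))
#define RET(v)         BPF_STMT(BPF_RET | BPF_K, (v))

/* Constructed allowlist: exit_group always; prctl(PR_SET_SECCOMP, ...) only when
 * !locked; everything else fails with EPERM. A production filter would also
 * check seccomp_data.arch first; args[0] is read as its low word (little endian). */
static int load_general(int locked) {
    struct sock_filter f[] = {
        LD(offsetof(struct seccomp_data, nr)),
        JEQ(SYS_exit_group, 4, 0),               /* exit_group -> ALLOW */
        JEQ(SYS_prctl, 0, 2),                    /* not prctl  -> EPERM */
        LD(offsetof(struct seccomp_data, args[0])),
        JEQ(PR_SET_SECCOMP, locked ? 0 : 1, 0),  /* unlocked   -> ALLOW */
        RET(SECCOMP_RET_ERRNO | EPERM),
        RET(SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Forks a child standing in for a worker thread. Returns 1 if a second,
 * stricter filter can still be stacked, 0 if refused, -1 on setup failure. */
int can_stack_filter(int locked) {
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (prctl(PR_SET_NO_NEW_PRIVS, 1L, 0L, 0L, 0L) || load_general(locked))
            _exit(2);
        _exit(load_general(1) == 0 ? 1 : 0);     /* worker-style stricter filter */
    }
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st) == 2 ? -1 : WEXITSTATUS(st);
}

int main(void) {
    printf("open: %d, locked: %d\n", can_stack_filter(0), can_stack_filter(1));
    return 0;
}
```

The program prints `open: 1, locked: 0`: once the locked general filter is in place, the later attempt to add a filter fails with `EPERM`.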