Opened 5 months ago

Closed 2 months ago

#24979 closed enhancement (wontfix)

torsocks could support ptrace sandboxing

Reported by: Hello71 Owned by: dgoulet
Priority: Low Milestone:
Component: Core Tor/Torsocks Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

pros:

  • 'fixes' SIP, suid, caps
  • fixes static binaries

cons:

Change History (3)

comment:1 Changed 5 months ago by cypherpunks

#24037 already has this purpose, and would be a superior solution to ptrace() (which has its share of nasty issues when used for sandboxing, especially in multithreaded applications, in addition to being very slow). It is far easier to implement (I could do it in a day once #14132, which is blocking it, is resolved) and far more secure.

comment:2 Changed 5 months ago by Hello71

seccomp is Linux-specific. ptrace works everywhere. (or, I guess you have used ptrace, doesn't really work anywhere...)

comment:3 Changed 2 months ago by dgoulet

Resolution: wontfix
Status: new → closed

Yeah, I think #24037 is the way to go, but that is Linux-specific, as pointed out.

ptrace() is a mess and I honestly don't think it is a good idea; the multi-threaded part is not going to be fun.
