Opened 7 years ago

Closed 6 years ago

#9730 closed enhancement (wontfix)

GSOC seccomp stage 3

Reported by: ctoader
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor
Version:
Severity:
Keywords: tor-relay gsoc seccomp sandbox 025-triaged
Cc: ctoader
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Review and merge phase 3 of seccomp capabilities filtering.

This version aims to restrict the libseccomp filter by dropping privileges in different sections of the code, in an attempt to make the sandbox as restrictive as possible.

Remote: https://github.com/cristiantoader/tor-gsoc-capabilities
Branch: gsoc-cap-stage3

Quick link: https://github.com/cristiantoader/tor-gsoc-capabilities/tree/gsoc-cap-stage3

Change History (6)

comment:1 Changed 7 years ago by nickm

Milestone: Tor: 0.2.5.x-final
Status: new → needs_review

We should see if there's any code here that we can adopt in 0.2.5 or 0.2.6.

comment:2 Changed 7 years ago by nickm

Parent ID: #5756

comment:3 Changed 7 years ago by andrea

Keywords: 025-triaged added

comment:4 Changed 7 years ago by nickm

Milestone: Tor: 0.2.5.x-final → Tor: unspecified
Status: needs_review → needs_revision

This does not appear to be complete enough to be usable; somebody should give it another read-over when we do refactor into separate sandboxed modules.

comment:5 Changed 6 years ago by nickm

Milestone: Tor: unspecified → Tor: 0.2.7.x-final

These might actually be 0.2.7 material

comment:6 Changed 6 years ago by nickm

Resolution: wontfix
Status: needs_revision → closed

This is going to be invalidated by later modularization ideas.
