Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2018-02-27 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: 0.3.4.x-final
  Component:  Core Tor/Tor     Version:
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:   ahf              Sponsor:

Comment (by shawn.webb):

 It looks like libevent not being Capsicum-friendly also affects Capsicum
 support when Tor is used as a relay. We need to fix libevent first before
 the ORPort and DNSPort options work when Capsicum is enabled via the
 Sandbox option.

 Effectively, that means that this new Capsicum support is only applicable
 to running client nodes.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2018-02-26 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: 0.3.4.x-final
  Component:  Core Tor/Tor     Version:
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:   ahf              Sponsor:
Changes (by teor):

 * version:  Tor: unspecified =>



Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2018-02-26 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: 0.3.4.x-final
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:   ahf              Sponsor:

Comment (by shawn.webb):

 Bug report submitted to libevent:
 https://github.com/libevent/libevent/issues/601


Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2018-02-26 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: 0.3.4.x-final
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:   ahf              Sponsor:

Comment (by shawn.webb):

 So it turns out that the transproxy issue is with libevent, which creates
 and maintains its own sockets. I've tested transproxy and it's working,
 however DNS resolutions fail.

 So `curl http://4.ifconfig.pro/` fails, but `curl http://108.61.202.109/`
 works (108.61.202.109 is the IP of 4.ifconfig.pro).

 Given that this is an issue with libevent and not tor, I believe that
 Capsicum in tor itself is working as intended. I'll open a bug report with
 libevent to see if we can figure out how to teach it to be Capsicum-safe.
 Chances are, it may need a sockets abstraction API. Essentially, you'll
 register a callback for whenever a socket needs to be created. libevent
 would call that callback instead of `socket(2)` directly.


Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2018-02-26 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: 0.3.4.x-final
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:   ahf              Sponsor:

Comment (by shawn.webb):

 Cool. I'll also try to spend some time on the transparent proxy mode. I
 think I know what's going on there. The `/dev/pf` file descriptor probably
 needs ioctl capabilities.


Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2018-02-26 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: 0.3.4.x-final
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:   ahf              Sponsor:

Comment (by ahf):

 Yep! I'm going to Rome next week for the Tor dev meeting, so I probably
 won't get around to it until after the meeting is over.


Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2018-02-26 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: 0.3.4.x-final
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:   ahf              Sponsor:

Comment (by shawn.webb):

 I'm going to bring this work up-to-date with the latest master branch. It
 has a few merge conflicts. @ahf, would you have time to review this work
 after the merge conflicts are resolved?


Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2017-10-23 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: 0.3.3.x-final
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:   ahf              Sponsor:
Changes (by ahf):

 * reviewer:   => ahf



Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2017-10-23 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: 0.3.3.x-final
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:                    Sponsor:

Comment (by shawn.webb):

 This work is nearing completion for a milestone 1. I've diverged quite a
 bit from the original PoC. How should I proceed from here in getting the
 code reviewed and merged upstream?

 The only known issue is that when sandbox mode is enabled on
 FreeBSD/HardenedBSD, transparent proxy mode breaks. I'm researching the
 breakage. Given that transparent proxy mode is not the primary use case,
 nor is it widely used, I feel like the current work can go in (pending
 code review and adjustments resulting from the review) with an errata
 patch later on.


Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2017-10-10 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: 0.3.3.x-final
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:                    Sponsor:
Changes (by nickm):

 * milestone:  Tor: unspecified => Tor: 0.3.3.x-final



Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2017-10-09 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: unspecified
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:                    Sponsor:

Comment (by shawn.webb):

 I've now made the code public. There's still a bit of work left to do.

 https://github.com/lattera/tor/tree/hardening/capsicum


Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2017-10-03 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: unspecified
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:                    Sponsor:

Comment (by shawn.webb):

 The problem is that seccomp2 uses a filtering approach. Essentially, once
 you've whitelisted the things you want to access, you can call open(2),
 socket(2), etc. at will and on demand.

 Capsicum takes a completely different approach, one that's fully
 incompatible with seccomp2. I've written a PoC to demonstrate the
 approach I'm taking with this ticket:
 https://github.com/lattera/PoCs/tree/master/capsicum_fdpassing

 Note that the code I've written in the Tor codebase has diverged quite a
 bit from the PoC. The PoC is ugly code meant to serve as a brain dump and
 code testing area.

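The mechanism behind the two comments above is the same one: because a process in Capsicum capability mode can no longer call socket(2) on demand the way a seccomp2-filtered process can, the socket has to be created by something outside the sandbox and handed in over an already-open descriptor, which is also why the libevent comment earlier in this thread asks for a socket-creation callback instead of direct socket(2) calls. The following C program is an added example written for this page; it is not code from Tor, libevent, or the linked PoC. It forks an unsandboxed broker before entering capability mode, sends it the three socket(2) arguments over a socketpair, applies an assumed allow-list policy in the broker, and passes the resulting descriptor back with SCM_RIGHTS. The broker, the request struct and the policy are assumptions for the demo; cap_enter() is compiled only on FreeBSD, and the fd-passing part runs unchanged on Linux.

```c
/* Added example (not Tor's, libevent's or the PoC's code): broker-created
 * sockets passed into a Capsicum sandbox via SCM_RIGHTS. The request
 * struct, the broker and its policy are assumptions for this demo. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* What the sandboxed side asks for: the three socket(2) arguments. */
struct sock_request { int domain, type, protocol; };

/* Assumed broker policy: only TCP/UDP over IPv4/IPv6 may be created. */
static int broker_allows(const struct sock_request *r) {
    int base = r->type & 0xf;  /* drop SOCK_CLOEXEC/SOCK_NONBLOCK flag bits */
    return (r->domain == AF_INET || r->domain == AF_INET6) &&
           (base == SOCK_STREAM || base == SOCK_DGRAM);
}

/* Reply with a descriptor attached as SCM_RIGHTS, or with just an errno. */
static int send_fd(int chan, int fd, int err) {
    struct iovec iov = { .iov_base = &err, .iov_len = sizeof err };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    memset(&u, 0, sizeof u);
    if (fd >= 0) {
        msg.msg_control = u.buf;
        msg.msg_controllen = sizeof u.buf;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(chan, &msg, 0) == (ssize_t)sizeof err ? 0 : -1;
}

/* Receive the reply: a new descriptor, or -1 with errno set by the broker. */
static int recv_fd(int chan) {
    int err = 0;
    struct iovec iov = { .iov_base = &err, .iov_len = sizeof err };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(chan, &msg, 0) != (ssize_t)sizeof err) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS) {
            int fd;
            memcpy(&fd, CMSG_DATA(c), sizeof fd);
            return fd;
        }
    }
    errno = err ? err : EPROTO;
    return -1;
}

/* Broker loop: runs unsandboxed and serves socket(2) until the channel closes. */
static void broker_serve(int chan) {
    struct sock_request r;
    while (read(chan, &r, sizeof r) == (ssize_t)sizeof r) {
        if (!broker_allows(&r)) { send_fd(chan, -1, EPERM); continue; }
        int fd = socket(r.domain, r.type, r.protocol);
        send_fd(chan, fd, fd < 0 ? errno : 0);
        if (fd >= 0) close(fd);  /* the sandboxed side now holds its own copy */
    }
}

/* The callback a Capsicum-aware event loop would call instead of socket(2). */
static int sandboxed_socket(int chan, int domain, int type, int protocol) {
    struct sock_request r = { domain, type, protocol };
    if (write(chan, &r, sizeof r) != (ssize_t)sizeof r) return -1;
    return recv_fd(chan);
}

/* Fork a broker, enter capability mode (FreeBSD only), request a socket and
 * return its SO_TYPE; -2 means the broker's policy refused, -1 an error. */
static int demo_request(int domain, int type, int protocol) {
    int sv[2], result = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(sv[1]); broker_serve(sv[0]); _exit(0); }
    close(sv[0]);
#ifdef __FreeBSD__
    cap_enter();  /* from here on a direct socket(2) fails with ECAPMODE */
#endif
    int fd = sandboxed_socket(sv[1], domain, type, protocol);
    if (fd < 0) {
        result = errno == EPERM ? -2 : -1;
    } else {
        int t = 0;
        socklen_t len = sizeof t;
        if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &t, &len) == 0) result = t;
        close(fd);
    }
    close(sv[1]);  /* broker's read() returns 0 and it exits */
    waitpid(pid, NULL, 0);
    return result;
}

int main(void) {
    printf("TCP via broker: SO_TYPE=%d (SOCK_STREAM=%d)\n",
           demo_request(AF_INET, SOCK_STREAM, 0), SOCK_STREAM);
    printf("raw ICMP via broker: %d (-2 = refused by policy)\n",
           demo_request(AF_INET, SOCK_RAW, IPPROTO_ICMP));
    return 0;
}
```

The policy check sits in the broker on purpose: once the sandboxed side is in capability mode, the broker is the only place that still decides which socket types exist, so a compromised event loop can ask for a TCP or UDP socket but not for a raw socket or anything outside the allow-list.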

Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2017-10-03 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: unspecified
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:                    Sponsor:

Comment (by teor):

 Tor has an existing abstraction layer for accessing seccomp'd syscalls on
 Linux, using a bunch of functions prefixed with sandbox_.
 Is it possible to extend or modify that abstraction layer, rather than
 adding a separate interface for FreeBSD?
 That would make it easier to maintain once it's merged.


Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2017-10-03 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: unspecified
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:                    Sponsor:

Comment (by shawn.webb):

 I've made a ton of progress on this. I now have a mostly capsicumized Tor.
 The very basics are working as of this writing.

 As it stands, what's left to do:

 1. Write sandbox wrappers for a few more libc calls (gmtime(3),
 socketpair(2), etc).
 2. Implement proper memory management (like, call free(3) where
 appropriate).
 3. Clean up a whole freakton of debug code.
 4. Write the Linux equivalent wrapper code (likely macros that just point
 to the corresponding libc functions).
 5. Build full body-suit armor as the person who's tasked with reviewing
 the ensuing patch will likely want to stab me.

 I will have a solution to demo in place by the time the Montreal meetup
 happens.


Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2017-09-18 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: unspecified
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:                    Sponsor:
Changes (by ln5):

 * cc: ln5 (added)



Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2017-09-11 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       shawn.webb
  Type:       enhancement      Status:      assigned
  Priority:   Medium           Milestone:   Tor: unspecified
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:                    Sponsor:
Changes (by shawn.webb):

 * owner:  (none) => shawn.webb
 * status:  new => assigned
 * cc: shawn.webb@… (added)



Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2017-09-11 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:       (none)
  Type:       enhancement      Status:      new
  Priority:   Medium           Milestone:   Tor: unspecified
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:                    Sponsor:

Comment (by shawn.webb):

 I've started work on this on behalf of HardenedBSD.


Re: [tor-bugs] #17521 [Core Tor/Tor]: Support capsicum(4) on FreeBSD

2017-06-21 Thread Tor Bug Tracker & Wiki
#17521: Support capsicum(4) on FreeBSD
  Reporter:   yawning          Owner:
  Type:       enhancement      Status:      new
  Priority:   Medium           Milestone:   Tor: unspecified
  Component:  Core Tor/Tor     Version:     Tor: unspecified
  Severity:   Normal           Resolution:
  Keywords:   tor-relay, security, sandboxing, BSD, capsicum
  Actual Points:
  Parent ID:                   Points:
  Reviewer:                    Sponsor:
Changes (by nickm):

 * keywords:  tor-relay, security, sandboxing, BSD => tor-relay, security,
 sandboxing, BSD, capsicum

