#20782: Use a seccomp whitelist when the tor daemon is configured to use
Bridges.
--------------------------------------------------+---------------------
Reporter: yawning | Owner: yawning
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser Sandbox | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------------------+---------------------
The seccomp whitelist for the tor sandbox only has the system calls
required for the tor daemon itself (based off tor's `UseSandbox`
implementation). This causes obfs4proxy to not work, so when Bridges are
enabled, a rudimentary blacklist is installed instead.
The proper thing to do would be to figure out what systemcalls obfs4proxy
needs in addition to the ones in the current whitelist and selective
expand the whitelist at runtime based on configuration.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20782>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
