#22976: disallow tor exec'ing
------------------------------+-----------------
Reporter: dawuud | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+-----------------
Hello from PETS2017. I recently chatted with Nick Mathewson who suggested
that it would be very easy to patch tor such that exec'ing programs could
optionally be disallowed. Currently there are three torrc config options
that can cause tor to exec:
1. PortForwardingHelper
2. ClientTransportPlugin
3. ServerTransportPlugin
Of course these can be used via the control port which is precisely why it
was important to the Subgraph OS project to have a decent Tor control port
filter; we were mainly concerned with preventing sandbox escapes. I wrote
Roflcoptor for this purpose:
https://github.com/subgraph/roflcoptor
A few other projects have also written their own Tor control port filter
daemons. I will not list them here. Even with this feature addition to
tor, these Tor control port filter daemons will still be useful for
limiting the authority delegated by access to the tor control port.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22976>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
