#22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured.
-------------------------------------------------+-------------------------
 Reporter:  yawning                              |          Owner:
                                                 |  pospeselr
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-security, tbb-sandboxing,        |  Actual Points:
  TorBrowserTeam201802R                          |
Parent ID:  #20775                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by mcs):

 Replying to [comment:20 yawning]:
 > Oh hey, I was right.
 >
 > Regarding the patch:
 >  * I'm not sure if checking that the URI scheme is file is the correct
 long term fix (eg: #20337), but that bridge can be burnt when someone gets
 there.

 Agreed. Richard, if we keep the `"file://"` prefix test, please add a
 comment to #20337 so we don't forget about this loose end.

 >  * Should this apply to OSX as well?  I do not know how OSX's process
 sandboxing stuff works, or what options it has for limiting what a process
 can do.

 I think we might as well apply the patch to OSX as well since it may be
 useful there. The not-really-awesome OSX sandboxing prototype that Kathy
 and I created a while ago does use the older mechanism of the ones that
 teor discussed (sandbox-exec).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22794#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Reply via email to