#22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured.
 Reporter:  yawning                              |          Owner:
                                                 |  pospeselr
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-security, tbb-sandboxing,        |  Actual Points:
  TorBrowserTeam201802R                          |
Parent ID:  #20775                               |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by pospeselr):

 Yeah so long as the seccomp policies for AF_INET6 socket creation doesn't
 kill the calling thread, the existing Firefox code gracefully handles
 socket creation failure.

 In the event that we want to enable such a strict policy for the sandbox
 the relevant code in nsSOCKSIOLayer.cpp's nsSOCKSIOLayerAddToSocket() can
 probably be safely refactored to ignore the IPv6 detection if the desired
 socket family is AF_LOCAL.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22794#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to