commit f5dbc78776f413829085aa3fba2611214cc469ad
Author: Yawning Angel <[email protected]>
Date:   Sat Nov 26 08:37:25 2016 +0000

    Bug #20773: Don't mount /proc in the tor container when no PTs.
    
    While I'm being overly cautious about obfs4proxy, at least when bridges
    aren't in use, the tor container can do without /proc.
---
 src/cmd/sandboxed-tor-browser/internal/sandbox/application.go | 8 ++++++++
 src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go      | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go 
b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index e676955..1e38adc 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -458,6 +458,14 @@ func RunTor(cfg *config.Config, torrc []byte) (cmd 
*exec.Cmd, err error) {
        h.stderr = logger
        if !cfg.Tor.UseBridges {
                h.seccompFn = installTorSeccompProfile
+
+               // The tor daemon only uses this to calculate MaxMemInQueues,
+               // which is a relay thing, so this can safely be disabled.
+               //
+               // Not sure about what to do wrt pluggable transports yet,
+               // obfs4proxy seems to function fine, and the reads it does
+               // look innocent enough, but more investigation is needed.
+               h.mountProc = false
        } else {
                h.seccompFn = installBasicSeccompBlacklist
        }
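Review bot: The new comment above `h.mountProc = false` says the tor daemon "only uses this" without naming /proc, so the reason the mount is dropped is only clear alongside the commit message. I would open it with something like `// Without bridges tor only reads /proc to size MaxMemInQueues (a relay setting), so the container can run without it.` The `else` branch never assigns `h.mountProc`, so the bridge configuration gets whatever default the hugbox constructor sets (not visible in this hunk) together with the weaker `installBasicSeccompBlacklist` profile. An explicit `h.mountProc = true` there, with a comment that /proc stays mounted only until the pluggable-transport reads are audited, would make that larger exposure a visible decision. RunTor's body begins and continues outside the hunk.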
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go 
b/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
index a0b614b..2877d45 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
@@ -265,7 +265,7 @@ func (h *hugbox) run() (*exec.Cmd, error) {
        pendingWrites := [][]byte{argsBuf}
        pendingWrites = append(pendingWrites, h.fileData...)
 
-       Debugf("sandbox: fdArgs: %v", h.args)
+       Debugf("sandbox: fdArgs: %v", fdArgs)
 
        // Fork/exec.
        cmd.Start()
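Review bot: The context line `cmd.Start()` discards its error, so if the sandbox helper fails to launch, run() carries on as though the child exists. Since run() returns `(*exec.Cmd, error)`, the call could be `if err := cmd.Start(); err != nil { return nil, err }`, closing any pipe ends opened earlier in the function first. The rest of run() is outside the hunk, so a later check on the process state may partly cover this, but the original error value is lost either way. The `Debugf` fix itself looks right; it is worth confirming that `fdArgs` never carries anything sensitive, since the full argument vector now goes to the debug log.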
