[tor-commits] [sandboxed-tor-browser/master] Bug #20773: Don't mount /proc in the tor container even with PTs.

Sat, 26 Nov 2016 10:25:01 -0800 

commit db09c0bb793c705a13e275dc6d52eed70ca95c80
Author: Yawning Angel <[email protected]>
Date:   Sat Nov 26 18:22:10 2016 +0000

    Bug #20773: Don't mount /proc in the tor container even with PTs.
    
    Looking at the Go 1.7.3 source code, all of the usages of `/proc` by
    obfs4proxy either shouldn't get called, or have graceful failure modes.
---
 .../internal/sandbox/application.go                 | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go 
b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index 1e38adc..0908af1 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -458,19 +458,24 @@ func RunTor(cfg *config.Config, torrc []byte) (cmd 
*exec.Cmd, err error) {
        h.stderr = logger
        if !cfg.Tor.UseBridges {
                h.seccompFn = installTorSeccompProfile
-
-               // The tor daemon only uses this to calculate MaxMemInQueues,
-               // which is a relay thing, so this can safely be disabled.
-               //
-               // Not sure about what to do wrt pluggable transports yet,
-               // obfs4proxy seems to function fine, and the reads it does
-               // look innocent enough, but more investigation is needed.
-               h.mountProc = false
        } else {
                h.seccompFn = installBasicSeccompBlacklist
        }
        h.unshare.net = false // Tor needs host network access.
 
+       // Regarding `/proc`...
+       //
+       // `/proc/meminfo` - tor dameon, used to calculate `MaxMemInQueues`,
+       //    fails gracefully.
+       // `/proc/sys/kernel/hostname` - obfs4proxy, Go runtime uses this to
+       //    determine hostname, 99% sure this is in the binary but not used
+       //    due to the `log` package's syslog target.
+       // `/proc/sys/net/core/somaxconn` - obfs4proxy, Go runtime uses this to
+       //    determine listener backlog, but will default to `128` on errors.
+       //
+       // See: https://bugs.torproject.org/20773
+       h.mountProc = false
+
        if err = os.MkdirAll(cfg.TorDataDir, DirMode); err != nil {
                return
        }

_______________________________________________
tor-commits mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Reply via email to