Re: [tor-bugs] #12751 [Tor]: systemd unit file could use more filesystem namespace hardening options



#12751: systemd unit file could use more filesystem namespace hardening options
---------------------------+--------------------------------------------
     Reporter:  intrigeri  |      Owner:  intrigeri
         Type:  defect     |     Status:  needs_review
     Priority:  normal     |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor        |    Version:
   Resolution:             |   Keywords:  tor-relay systemd 025-backport
Actual Points:             |  Parent ID:
       Points:             |
---------------------------+--------------------------------------------
Changes (by nickm):

 * keywords:  tor-relays, systemd => tor-relay systemd 025-backport
 * milestone:   => Tor: 0.2.6.x-final


Comment:

 Do we care about managed pluggable transports launched by the Tor process
 here?  Do they inherit these restrictions?

 Would you like to narrow read directories down as well?  If so, see the
 list of stuff in the function sandbox_init_filter() in main.c.  (Also
 please let me know if there's some reason that Tails can't enable "sandbox
 1"; I want to fix it if there is.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12751#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online