[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] add a changes file for the sandbox fixes series

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] add a changes file for the sandbox fixes series
From: nickm@xxxxxxxxxxxxxx
Date: Thu, 17 Apr 2014 03:48:08 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 16 Apr 2014 23:49:28 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 506c8904402907f84f8c5ddcd6ecf15bb66d4030
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Wed Apr 16 22:45:27 2014 -0400

    add a changes file for the sandbox fixes series
---
 changes/sandbox_fixes_11351 |   13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/changes/sandbox_fixes_11351 b/changes/sandbox_fixes_11351
new file mode 100644
index 0000000..2fe2173
--- /dev/null
+++ b/changes/sandbox_fixes_11351
@@ -0,0 +1,13 @@
+  o Major features:
+    - Refinements and improvements to the Linux seccomp2 sandbox code:
+      the sandbox can now run a test network for multiple hours without
+      crashing. (Previous crash reasons included: reseeding the OpenSSL PRNG,
+      seeding the Libevent PRNG, using the wrong combination of CLOEXEC and
+      NONBLOCK at the same place and time, having server keys, being an
+      authority, receiving a HUP, or using IPv6.) The sandbox is still
+      experimental, and more bugs will probably turn up. To try it,
+      enable "Sandbox 1" on a Linux host.
+
+    - Strengthen the Linux seccomp2 sandbox code: the sandbox can now
+      test the arguments for rename(), and blocks _sysctl() entirely.
+



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/master] Sandbox: permit O_NONBLOCK and O_NOCTTY for files we refuse
Next by Author: [tor-commits] [tor/master] Log the name of the failing syscall on failure
Previous by thread: [tor-commits] [tor/master] Sandbox: permit O_NONBLOCK and O_NOCTTY for files we refuse
Next by thread: [tor-commits] [tor/master] Log the name of the failing syscall on failure
Index(es):
- Author
- Thread