[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9894 [Tor]: Sandbox doesn't work with obfsproxy



#9894: Sandbox doesn't work with obfsproxy
------------------------+---------------------------------------
     Reporter:  zoltan  |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor     |    Version:  Tor: 0.2.5.1-alpha
   Resolution:          |   Keywords:  sandbox tor-client tor-pt
Actual Points:          |  Parent ID:
       Points:          |
------------------------+---------------------------------------
Changes (by nickm):

 * keywords:   => sandbox tor-client tor-pt


Comment:

 0x2a is sys_pipe, so maybe we just need to whitelist the pipe syscall.
 Try the attached patch?

 Possible outcomes:
   * '''Everything works fine:'''  Yay; let's merge this patch.
   * '''Tor still crashes, but crashes differently this time:'''  We'll
 need to whitelist another syscall too.
   * '''Tor works okay, but obfsproxy dies:'''  This would mean that
 obfsproxy requires some functionality that Tor is disabling.  In that
 case, we'll have to run obfsproxy with fewer restrictions than Tor itself.
 We'll probably need a helper thread running with high privilege whose
 whose job is to execute other programs. Setting it up so that it only runs
 permissible programs, no matter what Tor tells it, will be the fun part.
 ctoader is working on something like this, I hear.

 Possible workaround:
   * Use obfsproxy in external proxy mode, not managed.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9894#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs