[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9249 [Tor]: GSOC seccomp stage 2

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #9249 [Tor]: GSOC seccomp stage 2
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 03 Aug 2013 01:21:50 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 02 Aug 2013 21:22:03 -0400
In-reply-to: <047.782ecc73947aab62ecf24a5aa678f75d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.782ecc73947aab62ecf24a5aa678f75d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9249: GSOC seccomp stage 2
--------------------------------------------+-------------------------------
 Reporter:  ctoader                         |          Owner:  nickm
     Type:  enhancement                     |         Status:  new  
 Priority:  normal                          |      Milestone:       
Component:  Tor                             |        Version:       
 Keywords:  tor-relay gsoc seccomp sandbox  |         Parent:  #5756
   Points:                                  |   Actualpoints:       
--------------------------------------------+-------------------------------

Comment(by nickm):

 Quick review, as of dde3ed385bc9de8, since I think you asked for one:

   * LENGHT is mispelled.  (Probably it should be ARRAY_LENGTH, and it
 should be in util.h).
   * filter_dynamic should probably be static; nothing needs to use it
 outside of sandbox.c, right?
   * Exposing sandbox_static_cfg_t, pfd_elem, and sandbox_filter_func_t in
 the header seems wrong: those are not part of the public sandbox
 interface, right? They only make sense for seccomp2.
   * Some of the restrictions in sandbox.c don't make sense for security;
 we should at least document why we're doing them.  For example, why
 restrict clock_gettime() to CLOCK_MONOTONIC?  Why restrict time() to NULL?
   * Some of the restrictions in sandbox.c don't make sense given how the
 syscalls work.  (e.g., surely we're sometimes calling epoll_ctl with
 EPOLL_CTL_DEL!)
   * We probably want to restrict execve arguments in the same way we
 restrict open, openat, etc.
   * The structures and functions all need documentation.

 Not necessarily this time:
   * It's confusing to me how filter_dynamic is a linked list of so many
 different things.  Maybe once it's documented, it will make sense?
   * It seems excessive to use a separate mmap() for every prot_strdup()
 call.  Perhaps instead we should have a big mmap that fills up with
 strings, and which we mprotect when we're done.  This could wait until
 later though.

 Other than that, it's looking good....

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9249#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #9383 [EFF-HTTPS Everywhere]: add lurkmore.to
Next by Author: Re: [tor-bugs] #9382 [Tor]: Crash in Tor on Windows (was: tor fails)
Previous by thread: Re: [tor-bugs] #9383 [EFF-HTTPS Everywhere]: add lurkmore.to
Next by thread: Re: [tor-bugs] #9249 [Tor]: GSOC seccomp stage 2
Index(es):
- Author
- Thread