[tor-commits] [sandboxed-tor-browser/master] Bug #20773: Don't mount /proc in the tor container when no PTs.
commit f5dbc78776f413829085aa3fba2611214cc469ad
Author: Yawning Angel <yawning@xxxxxxxxxxxxxxx>
Date: Sat Nov 26 08:37:25 2016 +0000
Bug #20773: Don't mount /proc in the tor container when no PTs.
While I'm being overly cautious about obfs4proxy, at least when bridges
aren't in use, the tor container can do without /proc.
---
src/cmd/sandboxed-tor-browser/internal/sandbox/application.go | 8 ++++++++
src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index e676955..1e38adc 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -458,6 +458,14 @@ func RunTor(cfg *config.Config, torrc []byte) (cmd *exec.Cmd, err error) {
h.stderr = logger
if !cfg.Tor.UseBridges {
h.seccompFn = installTorSeccompProfile
+
+ // The tor daemon only uses this to calculate MaxMemInQueues,
+ // which is a relay thing, so this can safely be disabled.
+ //
+ // Not sure about what to do wrt pluggable transports yet,
+ // obfs4proxy seems to function fine, and the reads it does
+ // look innocent enough, but more investigation is needed.
+ h.mountProc = false
} else {
h.seccompFn = installBasicSeccompBlacklist
}
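Review bot: The added comment in the `!cfg.Tor.UseBridges` branch refers to "this" without naming /proc, so a reader has to look at the assignment below it to learn what is being disabled; it would read better as `// tor only reads /proc to compute MaxMemInQueues (relay-only), so do not mount it.` The `else` branch is left silent, yet it is the weaker configuration: it keeps whatever default `mountProc` has (presumably true, the initialisation is not visible here) and installs only the basic seccomp blacklist. A marker there such as `// TODO(#20773): PTs still get /proc; audit obfs4proxy's reads before dropping it here too.` would keep the open question next to the code it affects. RunTor's body starts and ends outside this hunk.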
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
index a0b614b..2877d45 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
@@ -265,7 +265,7 @@ func (h *hugbox) run() (*exec.Cmd, error) {
pendingWrites := [][]byte{argsBuf}
pendingWrites = append(pendingWrites, h.fileData...)
- Debugf("sandbox: fdArgs: %v", h.args)
+ Debugf("sandbox: fdArgs: %v", fdArgs)
// Fork/exec.
cmd.Start()
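Review bot: The return value of `cmd.Start()` on the last visible line is discarded, although `run()` is declared to return `(*exec.Cmd, error)`. If the sandbox helper fails to launch, the caller should see that failure rather than a command that never started, so consider `if err := cmd.Start(); err != nil { return nil, err }`, with whatever descriptor cleanup the rest of the function needs. The function continues past the end of this hunk, so the error may be picked up later in a way that is not visible here. The `Debugf` change itself is fine.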