[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9894 [Tor]: Sandbox doesn't work with obfsproxy

Subject: Re: [tor-bugs] #9894 [Tor]: Sandbox doesn't work with obfsproxy
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 07 Oct 2013 14:48:13 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 07 Oct 2013 10:48:25 -0400
In-reply-to: <046.8f4cc8d1419001a0523ca16dfccc4886@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.8f4cc8d1419001a0523ca16dfccc4886@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9894: Sandbox doesn't work with obfsproxy
------------------------+---------------------------------------
     Reporter:  zoltan  |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor     |    Version:  Tor: 0.2.5.1-alpha
   Resolution:          |   Keywords:  sandbox tor-client tor-pt
Actual Points:          |  Parent ID:
       Points:          |
------------------------+---------------------------------------
Changes (by nickm):

 * keywords:   => sandbox tor-client tor-pt


Comment:

 0x2a is sys_pipe, so maybe we just need to whitelist the pipe syscall.
 Try the attached patch?

 Possible outcomes:
   * '''Everything works fine:'''  Yay; let's merge this patch.
   * '''Tor still crashes, but crashes differently this time:'''  We'll
 need to whitelist another syscall too.
   * '''Tor works okay, but obfsproxy dies:'''  This would mean that
 obfsproxy requires some functionality that Tor is disabling.  In that
 case, we'll have to run obfsproxy with fewer restrictions than Tor itself.
 We'll probably need a helper thread running with high privilege whose
 whose job is to execute other programs. Setting it up so that it only runs
 permissible programs, no matter what Tor tells it, will be the fun part.
 ctoader is working on something like this, I hear.

 Possible workaround:
   * Use obfsproxy in external proxy mode, not managed.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9894#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #9894 [Tor]: Sandbox doesn't work with obfsproxy
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #9825 [Obfsproxy]: -v returns 'unknown' for Obfsproxy.exe from '2.4.17-beta-2-pt3'
Next by Author: Re: [tor-bugs] #9904 [Tor]: When starting a Tor Relay, Tor may use a disabled network adapter for IP information
Previous by thread: Re: [tor-bugs] #9894 [Tor]: Sandbox doesn't work with obfsproxy
Next by thread: Re: [tor-bugs] #9894 [Tor]: Sandbox doesn't work with obfsproxy
Index(es):
- Author
- Thread