
[tor-dev] Starting Tor from Python using Ctypes improving Sandboxing?



Hi,

Currently, starting Tor from a Python application using existing
frameworks (such as txtorcon) imposes limits on the ability to
sandbox the application itself with AppArmor.

If you want to start Tor from your own application, then you must allow
that application to "execute" an external binary called /usr/bin/tor.

I'm wondering if anyone has ever tried to start Tor from a Python
application using ctypes, to start the Tor "main()", placing the Tor
process into a dedicated thread of the Python application.

That way it would be possible to sandbox the Python application using
AppArmor without enabling any kind of execve() call.

Has anyone ever tried this?

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
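
What the in-process launch asked about above could look like, as an added example that is not part of the original post or of Tor or txtorcon. It assumes Tor has been built as a shared library (hypothetical name `libtor.so`) exporting `tor_main(int argc, char *argv[])`; the page itself only mentions the /usr/bin/tor executable.

```python
import ctypes
import threading


def build_argv(args):
    """Return (argc, argv) laid out the way a C main(int, char **) expects."""
    encoded = [a.encode("utf-8") for a in args]
    # argv must be NULL-terminated, so allocate one extra slot.
    argv = (ctypes.c_char_p * (len(encoded) + 1))(*encoded, None)
    return len(encoded), argv


def start_tor_thread(lib, args, entry="tor_main"):
    """Call lib.<entry>(argc, argv) on a dedicated thread, with no execve().

    `lib` is normally a ctypes.CDLL; `entry` is the assumed exported symbol.
    Returns the thread and a dict that receives the C return value.
    """
    fn = getattr(lib, entry)
    fn.argtypes = [ctypes.c_int, ctypes.POINTER(ctypes.c_char_p)]
    fn.restype = ctypes.c_int
    argc, argv = build_argv(args)
    result = {}

    def run():
        # ctypes.CDLL releases the GIL for the duration of the foreign call,
        # so the rest of the Python application keeps running meanwhile.
        # The closure keeps argv alive for as long as the call lasts.
        result["exit_code"] = fn(argc, argv)

    thread = threading.Thread(target=run, name="tor-main", daemon=True)
    thread.start()
    return thread, result


if __name__ == "__main__":
    try:
        lib = ctypes.CDLL("libtor.so")  # hypothetical library name (assumption)
    except OSError as exc:
        print("no Tor shared library available:", exc)
    else:
        thread, result = start_tor_thread(lib, ["tor", "--SocksPort", "9050"])
        thread.join()
        print("tor_main returned", result.get("exit_code"))
```

With this layout the AppArmor profile of the Python application needs no `x` rule for /usr/bin/tor, but it must grant the file and network access Tor itself needs, since both now share one process. Any `exit()` call inside the library terminates the whole Python application, not just the thread.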
