author: Cristian Toader <cristian.matei.toader@gmail.com> 2013-06-17 13:07:14 +0300
committer: Nick Mathewson <nickm@torproject.org> 2013-07-11 09:13:13 -0400
commit: f9c1ba6493478d227c202e4d3444283b2c840a6a
tree: c79191a86be32416dd1de5ead221b15e776e6114
parent: bcdc0022693c75ea1523468e783bf03832e0a358
Add a basic seccomp2 syscall filter on Linux
It's controlled by the new Sandbox argument. Right now, it's rather coarse-grained, it's Linux-only, and it may break some features.
Diffstat (limited to 'changes/seccomp2_sandbox')
-rw-r--r-- changes/seccomp2_sandbox 12
1 files changed, 12 insertions, 0 deletions
diff --git a/changes/seccomp2_sandbox b/changes/seccomp2_sandbox
new file mode 100644
index 000000000..73b3a8d5e
--- /dev/null
+++ b/changes/seccomp2_sandbox
@@ -0,0 +1,12 @@
+ o Major features (security):
+ - Use the seccomp2 syscall filtering facility on Linux to limit
+ which system calls Tor can invoke. This is an experimental,
+ Linux-only feature to provide defense-in-depth against unknown
+ attacks. To try turning it on, set "Sandbox 1" in your torrc
+ file. This is an experimental feature, however, and some things
+ may break, so please be ready to report bugs. We hope to add
+ support for better sandboxing in the future,
+ including more fine-grained filters, better division of
+ responsibility, and support for more platforms. This work has
+ been done by Cristian-Matei Toader for Google Summer of Code.
+
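Review bot: The entry states "This is an experimental" twice, once in the second sentence and again at "This is an experimental feature, however", so the second occurrence can be cut down to "Some things may break, so please be ready to report bugs." The phrase "some things may break" also gives operators no symptom to look for; a short statement of what happens when the filter blocks a system call Tor needs would make bug reports more useful. "To try turning it on" only implies that the sandbox is off unless "Sandbox 1" is set, and saying so explicitly would remove the guesswork. The sentence beginning "We hope to add" is wrapped short after "in the future," and could be refilled to match the rest of the entry.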