Merge remote-tracking branch 'public/sandbox_fixes_rebased_2'

author: Nick Mathewson <nickm@torproject.org> 2014-04-16 23:45:55 -0400
committer: Nick Mathewson <nickm@torproject.org> 2014-04-16 23:45:55 -0400
commit: 4367cbd71b7a7b53e191b54a67ee6cbc00651024 (patch)
tree: 7d65b680da934b3128e102d6a61b690e1bea0b5b /changes
parent: 250b84b8a8b3bc9d50859459054aecfe8473e7cc (diff)
parent: 506c8904402907f84f8c5ddcd6ecf15bb66d4030 (diff)
download: tor-4367cbd71b7a7b53e191b54a67ee6cbc00651024.tar
tor-4367cbd71b7a7b53e191b54a67ee6cbc00651024.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/changes/sandbox_fixes_11351 b/changes/sandbox_fixes_11351
new file mode 100644
index 000000000..2fe2173ce
--- /dev/null
+++ b/changes/sandbox_fixes_11351
@@ -0,0 +1,13 @@
+  o Major features:
+    - Refinements and improvements to the Linux seccomp2 sandbox code:
+      the sandbox can now run a test network for multiple hours without
+      crashing. (Previous crash reasons included: reseeding the OpenSSL PRNG,
+      seeding the Libevent PRNG, using the wrong combination of CLOEXEC and
+      NONBLOCK at the same place and time, having server keys, being an
+      authority, receiving a HUP, or using IPv6.) The sandbox is still
+      experimental, and more bugs will probably turn up. To try it,
+      enable "Sandbox 1" on a Linux host.
+
+    - Strengthen the Linux seccomp2 sandbox code: the sandbox can now
+      test the arguments for rename(), and blocks _sysctl() entirely.
+
author	Nick Mathewson <nickm@torproject.org>	2014-04-16 23:45:55 -0400
committer	Nick Mathewson <nickm@torproject.org>	2014-04-16 23:45:55 -0400
commit	4367cbd71b7a7b53e191b54a67ee6cbc00651024 (patch)
tree	7d65b680da934b3128e102d6a61b690e1bea0b5b /changes
parent	250b84b8a8b3bc9d50859459054aecfe8473e7cc (diff)
parent	506c8904402907f84f8c5ddcd6ecf15bb66d4030 (diff)
download	tor-4367cbd71b7a7b53e191b54a67ee6cbc00651024.tar tor-4367cbd71b7a7b53e191b54a67ee6cbc00651024.tar.gz