sandbox: Disallow options which would make us call exec()

None of the things we might exec() can possibly run under the sanbox, so rather than crash later, we have to refuse to accept the configuration nice and early. The longer-term solution is to have an exec() helper, but wow is that risky. fixes 12043; bugfix on 0.2.5.1-alpha
author: Nick Mathewson <nickm@torproject.org> 2014-05-20 12:21:31 -0400
committer: Nick Mathewson <nickm@torproject.org> 2014-05-20 12:21:31 -0400
commit: 465982012c69e78986d421604d27afd6ecbe70f6 (patch)
tree: 02c03e62472fdcd57a732dbbdeda5e04e183bac5 /changes
parent: f87071f49efb47a2d52583730c29ba287e620227 (diff)
download: tor-465982012c69e78986d421604d27afd6ecbe70f6.tar
tor-465982012c69e78986d421604d27afd6ecbe70f6.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/changes/bug12043 b/changes/bug12043
new file mode 100644
index 000000000..4ec735c1e
--- /dev/null
+++ b/changes/bug12043
@@ -0,0 +1,4 @@
+  o Minor bugfixes (linux syscall sandboxing):
+    - Do not allow options which would require us to call exec to be
+      enabled along with the seccomp2 sandbox: they will inevitably
+      crash. Fix for bug 12043; bugfix on 0.2.5.1-alpha.
author	Nick Mathewson <nickm@torproject.org>	2014-05-20 12:21:31 -0400
committer	Nick Mathewson <nickm@torproject.org>	2014-05-20 12:21:31 -0400
commit	465982012c69e78986d421604d27afd6ecbe70f6 (patch)
tree	02c03e62472fdcd57a732dbbdeda5e04e183bac5 /changes
parent	f87071f49efb47a2d52583730c29ba287e620227 (diff)
download	tor-465982012c69e78986d421604d27afd6ecbe70f6.tar tor-465982012c69e78986d421604d27afd6ecbe70f6.tar.gz