Commit second draft of Jake's SOCKS5-over-AF_UNIX patch. See ticket #12585.

Signed-off-by: Andrea Shepard <andrea@torproject.org>
author: Jacob Appelbaum <jacob@appelbaum.net> 2014-08-11 12:27:04 -0700
committer: Andrea Shepard <andrea@torproject.org> 2015-01-07 17:42:57 +0000
commit: 8d59ddf3cba541c6578dff121e8f0623a7606bab (patch)
tree: a85c724acac38346025042b128c60f20337dda05 /changes
parent: 1abd526c75eade83318a6ec6aff84d5f0f079a3b (diff)
download: tor-8d59ddf3cba541c6578dff121e8f0623a7606bab.tar.gz
tor-8d59ddf3cba541c6578dff121e8f0623a7606bab.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/bug12585 b/changes/bug12585
new file mode 100644
index 0000000000..ccdcd17e6c
--- /dev/null
+++ b/changes/bug12585
@@ -0,0 +1,9 @@
+  o Major features (security)
+    - Implementation of SocksSocket option - SocksSocket implements a SOCKS
+      proxy reachable by Unix Domain Socket. This allows client applications to
+      communicate with Tor without having the ability to create AF_INET or
+      AF_INET6 family sockets. If an application has permission to create a socket
+      with AF_UNIX, it may directly communicate with Tor as if it were an other
+      SOCKS proxy. This should allow high risk applications to be entirely prevented
+      from connecting directly with TCP/IP, they will be able to only connect to the
+      internet through AF_UNIX and only through Tor.
author	Jacob Appelbaum <jacob@appelbaum.net>	2014-08-11 12:27:04 -0700
committer	Andrea Shepard <andrea@torproject.org>	2015-01-07 17:42:57 +0000
commit	8d59ddf3cba541c6578dff121e8f0623a7606bab (patch)
tree	a85c724acac38346025042b128c60f20337dda05 /changes
parent	1abd526c75eade83318a6ec6aff84d5f0f079a3b (diff)
download	tor-8d59ddf3cba541c6578dff121e8f0623a7606bab.tar.gz tor-8d59ddf3cba541c6578dff121e8f0623a7606bab.zip