diff options
| author | Simon South <simon@simonsouth.net> | 2021-09-24 14:08:58 -0400 |
|---|---|---|
| committer | Simon South <simon@simonsouth.net> | 2021-09-28 11:06:50 -0400 |
| commit | fbf2e7e9218b8e0ffabcd59fab2322d7c2c7178c (patch) | |
| tree | eca67220a5d7c14cf787698cb8d0c534a4382081 /changes | |
| parent | 352677556e14480753f75e8abe1f584f1580f1b2 (diff) | |
| download | tor-fbf2e7e9218b8e0ffabcd59fab2322d7c2c7178c.tar.gz tor-fbf2e7e9218b8e0ffabcd59fab2322d7c2c7178c.zip | |
sandbox: Allow use with fragile hardening
When building with --enable-fragile-hardening, add or relax Linux
seccomp rules to allow AddressSanitizer to execute normally if the
process terminates with the sandbox active.
Further resolves issue 11477.
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/issue11477 | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/issue11477 b/changes/issue11477 new file mode 100644 index 0000000000..bb5d9e4099 --- /dev/null +++ b/changes/issue11477 @@ -0,0 +1,8 @@ + o Minor bugfixes (fragile-hardening, sandbox): + - When building with --enable-fragile-hardening, add or relax Linux + seccomp rules to allow AddressSanitizer to execute normally if the + process terminates with the sandbox active. This has the side + effect of disabling the filtering of file- and directory-open + requests on most systems and dilutes the effectiveness of the + sandbox overall, as a wider range of system calls must be + permitted. Fixes bug 11477; bugfix on 0.2.5.4-alpha. |