authorCristian Toader <cristian.matei.toader@gmail.com>2013-06-17 13:07:14 +0300
committerNick Mathewson <nickm@torproject.org>2013-07-11 09:13:13 -0400
commitf9c1ba6493478d227c202e4d3444283b2c840a6a (patch)
treec79191a86be32416dd1de5ead221b15e776e6114 /src/or
parentbcdc0022693c75ea1523468e783bf03832e0a358 (diff)
downloadtor-f9c1ba6493478d227c202e4d3444283b2c840a6a.tar.gz
tor-f9c1ba6493478d227c202e4d3444283b2c840a6a.zip
Add a basic seccomp2 syscall filter on Linux
It's controlled by the new Sandbox argument. Right now, it's rather coarse-grained, it's Linux-only, and it may break some features.
Diffstat (limited to 'src/or')
-rw-r--r--src/or/config.c4
-rw-r--r--src/or/main.c9
-rw-r--r--src/or/or.h1
3 files changed, 14 insertions, 0 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 2cdf5b2078..2cdc49f109 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -40,6 +40,7 @@
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
+#include "sandbox.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
@@ -369,6 +370,7 @@ static config_var_t option_vars_[] = {
V(RunAsDaemon, BOOL, "0"),
// V(RunTesting, BOOL, "0"),
OBSOLETE("RunTesting"), // currently unused
+ V(Sandbox, BOOL, "0"),
V(SafeLogging, STRING, "1"),
V(SafeSocks, BOOL, "0"),
V(ServerDNSAllowBrokenConfig, BOOL, "1"),
@@ -1140,6 +1142,8 @@ options_act_reversible(const or_options_t *old_options, char **msg)
goto rollback;
}
+ sandbox_set_debugging_fd(get_err_logging_fd());
+
commit:
r = 0;
if (logs_marked) {
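Review bot: The descriptor handed to `sandbox_set_debugging_fd()` is captured just before the `commit:` label, and the `if (logs_marked)` block that follows suggests the set of open logs is still being finalised at that point. If get_err_logging_fd() can return the fd of a log that is closed during commit, the sandbox would hold a stale descriptor that the kernel may later reuse for an unrelated file or socket; moving the call after the logs_marked handling would avoid that. It is also worth confirming what get_err_logging_fd() returns when no suitable log exists and that the sandbox side tolerates it. Neither helper is defined in this diff, so both points are inferred, and options_act_reversible() starts and ends outside the hunk.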
diff --git a/src/or/main.c b/src/or/main.c
index 90ffba36d3..6a2346a357 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -57,6 +57,7 @@
#include <openssl/crypto.h>
#endif
#include "memarea.h"
+#include "../common/sandbox.h"
#ifdef HAVE_EVENT2_EVENT_H
#include <event2/event.h>
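Review bot: The header is included as `#include "../common/sandbox.h"` here, while the config.c hunk of the same commit uses `#include "sandbox.h"`. One spelling should be used in both files; the plain form matches the neighbouring `#include "memarea.h"` and does not depend on the directory layout.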
@@ -2688,6 +2689,14 @@ tor_main(int argc, char *argv[])
#endif
if (tor_init(argc, argv)<0)
return -1;
+
+ if (get_options()->Sandbox) {
+ if (tor_global_sandbox()) {
+ log_err(LD_BUG,"Failed to create syscall sandbox filter");
+ return -1;
+ }
+ }
+
switch (get_options()->command) {
case CMD_RUN_TOR:
#ifdef NT_SERVICE
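Review bot: The `if (tor_global_sandbox())` check in tor_main() is fail-closed only if tor_global_sandbox() returns nonzero on every build where no filter is actually installed. sandbox.c is outside this diff (which is limited to src/or), so that should be confirmed; otherwise `Sandbox 1` on a non-Linux or non-seccomp build would start Tor unfiltered without any error. The log domain also looks off: a kernel or library without seccomp support is an environment problem rather than a Tor bug, so `log_err(LD_GENERAL, "Failed to create syscall sandbox filter");` would fit better than LD_BUG. Since a seccomp filter cannot be lifted once installed and the option is read only here, a later config reload that changes Sandbox should probably be rejected rather than silently ignored; nothing in the visible hunks does that. tor_main() starts and ends outside the hunk.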
diff --git a/src/or/or.h b/src/or/or.h
index daff6de933..2b2617115e 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3727,6 +3727,7 @@ typedef struct {
SAFELOG_SCRUB_ALL, SAFELOG_SCRUB_RELAY, SAFELOG_SCRUB_NONE
} SafeLogging_;
+ int Sandbox; /** < Boolean: should sandboxing be enabled? */
int SafeSocks; /**< Boolean: should we outright refuse application
* connections that use socks4 or socks5-with-local-dns? */
#define LOG_PROTOCOL_WARN (get_options()->ProtocolWarnings ? \
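Review bot: The comment on `int Sandbox;` opens with `/** <` (a space before `<`), which Doxygen is likely to read as an ordinary doc block attached to the next declaration, SafeSocks, rather than as a trailing-member comment; the line below uses the intended `/**<`. Suggested: `int Sandbox; /**< Boolean: should sandboxing be enabled? */`. Because the commit message says the filter is Linux-only, the comment could also state that. The enclosing struct starts and ends outside the hunk.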