| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-10-31 | Merge branch 'fix-torrcd-sandbox-22605v2' | Nick Mathewson | |
| 2017-10-19 | Comment-only change: annotate exit() calls. | Nick Mathewson | |
| Sometimes when we call exit(), it's because the process is completely hopeless: openssl has a broken AES-CTR implementation, or the clock is in the 1960s, or something like that. But sometimes, we should return cleanly from tor_main() instead, so that embedders can keep embedding us and start another Tor process. I've gone through all the exit() and _exit() calls to annotate them with "exit ok" or "XXXX bad exit" -- the next step will be to fix the bad exit()s. First step towards 23848. | |||
| 2017-09-15 | Run our #else/#endif annotator on our source code. | Nick Mathewson | |
| 2017-09-15 | sched: Add sandbox support for KIST | David Goulet | |
| Signed-off-by: David Goulet <dgoulet@torproject.org> | |||
| 2017-09-06 | Better error on failure to load seccomp2 sandbox | Nick Mathewson | |
| There are two reasons this is likeliest to happen -- no kernel support, and some bug in Tor. We'll ask people to check the former before they report. Closes 23090. | |||
| 2017-08-30 | Adds files included by torrc and defaults to sandbox filter #22605 | Daniel Pinto | |
| 2017-08-09 | Remove the #if 0ed code that was supposed to let the sandbox allow exec | Nick Mathewson | |
| 2017-07-27 | Merge branch 'maint-0.3.0' into maint-0.3.1 | Nick Mathewson | |
| 2017-07-27 | Merge branch 'maint-0.3.1' | Nick Mathewson | |
| 2017-07-27 | Merge branch 'maint-0.2.9' into maint-0.3.0 | Nick Mathewson | |
| 2017-07-23 | fix whitespace issue | Roger Dingledine | |
| 2017-07-05 | Allow setsockopt(IPV6_V6ONLY) in sandbox. | Nick Mathewson | |
| Fixes bug 20247. We started setting V6ONLY in 0.2.3.13-alpha and added the sandbox on 0.2.5.1-alpha. | |||
| 2017-07-05 | Use the proper syscall in sandbox error messages | cypherpunks | |
| Fixes #22750. | |||
| 2017-06-28 | Fix crash in LZMA module when the Sandbox is enabled. | Alexander Færøy | |
| This patch fixes a crash in our LZMA module where liblzma will allocate slightly more data than it is allowed to by its limit, which leads to a crash. See: https://bugs.torproject.org/22751 | |||
| 2017-06-19 | Merge branch 'maint-0.3.0' into maint-0.3.1 | Nick Mathewson | |
| 2017-06-19 | Merge branch 'maint-0.2.9' into maint-0.3.0 | Nick Mathewson | |
| 2017-06-16 | Permit the fchmod system call. | Nick Mathewson | |
| Fixes bug 22516; bugfix on 0.2.5.4-alpha. | |||
| 2017-05-08 | Merge branch 'maint-0.3.0' | Nick Mathewson | |
| 2017-05-08 | Merge branch 'maint-0.2.9' into maint-0.3.0 | Nick Mathewson | |
| 2017-04-28 | Increase MALLOC_MP_LIM to 16MB | Nick Mathewson | |
| Increase the maximum allowed size passed to mprotect(PROT_WRITE) from 1MB to 16MB. This was necessary with the glibc allocator in order to allow worker threads to allocate more memory -- which in turn is necessary because of our new use of worker threads for compression. Closes ticket #22096. Found while working on #21648. | |||
| 2017-04-26 | Add getpid() to the seccomp2 sandbox. | Nick Mathewson | |
| We hadn't needed this before, because most getpid() callers on Linux were looking at the vDSO version of getpid(). I don't know why at least one version of OpenSSL seems to be ignoring the vDSO, but this change should fix it. Fixes bug 21943; bugfix on 0.2.5.1-alpha when the sandbox was introduced. | |||
| 2017-03-15 | Run the copyright update script. | Nick Mathewson | |
| 2016-12-18 | fix typos and trivial syntax problems | Roger Dingledine | |
| 2016-12-07 | Merge branch 'bug20710_025' into maint-0.2.9 | Nick Mathewson | |
| 2016-12-01 | Fix major errors in freeing getaddrinfo sandbox cache | Nick Mathewson | |
| Patch from cypherpunks. Fixes bug 20710; bugfix on 0.2.5.5-alpha. | |||
| 2016-09-05 | For me, asan/ubsan require more syscalls. | Nick Mathewson | |
| Permit sched_yield() and sigaltstack() in the sandbox. Closes ticket 20063 | |||
| 2016-08-23 | Fix some comments in sandbox.c | Nick Mathewson | |
| Closes ticket 19942; patch from "cypherpunks" | |||
| 2016-07-21 | Merge branch 'maint-0.2.8' | Nick Mathewson | |
| 2016-07-21 | Coverity hates it when we do "E1 ? E2 : E2". | Nick Mathewson | |
| It says, 'Incorrect expression (IDENTICAL_BRANCHES)' Fix for CID 1364127. Not in any released Tor. | |||
| 2016-07-17 | Merge branch 'maint-0.2.8' | Nick Mathewson | |
| 2016-07-17 | Merge remote-tracking branch 'weasel/bug19660' into maint-0.2.8 | Nick Mathewson | |
| 2016-07-13 | Merge branch 'maint-0.2.8' | Nick Mathewson | |
| 2016-07-13 | Merge remote-tracking branch 'Jigsaw52/seccomp-fix-18397' into maint-0.2.8 | Nick Mathewson | |
| 2016-07-11 | Add (SOCK_DGRAM, IPPROTO_UDP) sockets to the sandboxing whitelist | Peter Palfrader | |
| If we did not find a non-private IPaddress by iterating over interfaces, we would try to get one via get_interface_address6_via_udp_socket_hack(). This opens a datagram socket with IPPROTO_UDP. Previously all our datagram sockets (via libevent) used IPPROTO_IP, so we did not have that in the sandboxing whitelist. Add (SOCK_DGRAM, IPPROTO_UDP) sockets to the sandboxing whitelist. Fixes bug 19660. | |||
| 2016-07-09 | Adds missing syscalls to seccomp filter. | Daniel Pinto | |
| Fixes #18397 which prevented tor starting with Sandbox 1. | |||
| 2016-07-05 | Grammar. | Nick Mathewson | |
| I grepped and hand-inspected the "it's" instances, to see if any were supposed to be possessive. While doing that, I found a "the the", so I grepped to see if there were any more. | |||
| 2016-06-17 | Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS | cypherpunks | |
| The Autoconf macro AC_USE_SYSTEM_EXTENSIONS defines preprocessor macros which turn on extensions to C and POSIX. The macro also makes it easier for developers to use the extensions without needing (or forgetting) to define them manually. The macro can be safely used because it was introduced in Autoconf 2.60 and Tor requires Autoconf 2.63 and above. | |||
| 2016-06-11 | Add the -Wextra-semi warning from clang, and fix the cases where it triggers | Nick Mathewson | |
| 2016-03-26 | Do not treat "DOCDOC" as doxygen. | Nick Mathewson | |
| 2016-03-26 | Whitespace fixes | Nick Mathewson | |
| 2016-03-22 | Repair build when no sandbox support is enabled. | Nick Mathewson | |
| 2016-03-22 | Merge remote-tracking branch 'public/bug18253' | Nick Mathewson | |
| 2016-03-14 | Merge branch 'bug15221_027' | Nick Mathewson | |
| 2016-03-14 | Make unix sockets work with the linux seccomp2 sandbox again | Nick Mathewson | |
| I didn't want to grant blanket permissions for chmod() and chown(), so here's what I had to do: * Grant open() on all parent directories of a unix socket * Write code to allow chmod() and chown() on a given file only. * Grant chmod() and chown() on the unix socket. | |||
| 2016-03-14 | Permit setrlimit, prlimit, prlimit64 calls. | Nick Mathewson | |
| We call setrlimit under some circumstances, and it can call prlimit and prlimit64 under the hood. Fixes bug 15221. | |||
| 2016-02-27 | Update the copyright year. | Nick Mathewson | |
| 2016-02-24 | Make the sandbox work again with chutney. | Nick Mathewson | |
| Previously, we had a problem due to the check_private_dir() rewrite. Bug not in any released Tor. | |||
| 2015-12-16 | Merge branch 'maint-0.2.7' | Nick Mathewson | |
| 2015-12-16 | ... and fix another backtrace_symbols_fd call in sandbox.c | Nick Mathewson | |
| 2015-12-15 | Merge branch 'maint-0.2.7' | Nick Mathewson | |
 |
index : tor | |
| Transit encryption and privacy out of the box | The Tor Project |
| summaryrefslogtreecommitdiff |