| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-06-27 | Move sandbox code into a new library. | Nick Mathewson | |
| 2018-06-27 | Move network code to libtor-net. | Nick Mathewson | |
| There are some additional changes to come: those points are marked by XXXX. | |||
| 2018-06-22 | Automated fixup of include paths after torlog.h movement. | Nick Mathewson | |
| 2018-06-22 | Remove map from container.h | Nick Mathewson | |
| 2018-06-22 | Rectify include paths after container split (automatic) | Nick Mathewson | |
| 2018-06-21 | Rectify include paths (automated) | Nick Mathewson | |
| 2018-06-21 | Rectify include paths (automated) | Nick Mathewson | |
| 2018-06-20 | Move horrible-emergency handling into torerr.[ch] | Nick Mathewson | |
| Previously we had code like this for bad things happening from signal handlers, but it makes sense to use the same logic to handle cases when something is happening at a level too low for log.c to be involved. My raw_assert*() stuff now uses this code. | |||
| 2018-06-20 | Run rectify_include_paths.py | Nick Mathewson | |
| 2018-06-20 | Update copyrights to 2018. | Nick Mathewson | |
| 2018-04-23 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-04-23 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-04-23 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-04-23 | Permit the nanosleep system call in the seccomp2 callbox | Nick Mathewson | |
| Fixes bug 24969; bugfix on 0.2.5.1-alpha when the sandbox was introduced. | |||
| 2018-03-26 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson | |
| 2018-03-26 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-03-26 | Merge branch 'maint-0.3.2' into maint-0.3.3 | Nick Mathewson | |
| 2018-03-20 | Remove sb_poll check: all poll() calls are ok. | Nick Mathewson | |
| 2018-03-20 | Add the poll() syscall as permitted by the sandbox | Nick Mathewson | |
| Apparently, sometimes getpwnam will call this. Fixes bug 25513. | |||
| 2018-02-11 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-02-11 | Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9 | Nick Mathewson | |
| 2018-02-11 | Merge branch 'maint-0.2.9' into maint-0.3.1 | Nick Mathewson | |
| 2018-02-01 | Revert "Change the sandbox behavior on all failed opens() to EACCES" | Nick Mathewson | |
| This reverts commit 9a06282546418b2e9d21559d4853bcf124b953f4. It appears that I misunderstood how the seccomp2 filter rules interact. It appears that `SCMP_ACT_ERRNO()` always takes precedence over `SCMP_ACT_ALLOW()` -- I had thought instead that earlier rules would override later ones. But this change caused bug 25115 (not in any released Tor). | |||
| 2018-01-26 | Change the sandbox behavior on all failed opens() to EACCES | Nick Mathewson | |
| Previously, most disallowed open(O_RDONLY) attempts would EACCES, but others would fail with a crash. | |||
| 2017-12-12 | Merge branch 'maint-0.3.2' | Nick Mathewson | |
| 2017-12-12 | Make sandbox.c compile when libseccomp-dev is installed on arm64 | Nick Mathewson | |
| Fixes ticket 24424. Patch from weasel. | |||
| 2017-12-11 | Merge branch 'maint-0.3.2' | Nick Mathewson | |
| 2017-12-11 | Stop checking for sandbox:new_element() failures: it can't fail. | Nick Mathewson | |
| (It can't fail because the tor_malloc*() family of functions can never return NULL) Found with STACK | |||
| 2017-12-08 | Merge branch 'macro_free_v2_squashed' | Nick Mathewson | |
| 2017-12-08 | Convert remaining function (mostly static) to new free style | Nick Mathewson | |
| 2017-11-21 | re-run ./scripts/maint/annotate_ifdef_directives | Nick Mathewson | |
| 2017-11-20 | Merge branch 'maint-0.3.2' | Nick Mathewson | |
| 2017-11-20 | Merge remote-tracking branches 'public/ticket24315_029' and ↵ | Nick Mathewson | |
| 'public/bug24198_029' into maint-0.3.2 | |||
| 2017-11-16 | Check the libc version to decide whether to allow openat. | Nick Mathewson | |
| 2017-11-16 | Make our seccomp2 sandbox handle Glibc 2.26 | Nick Mathewson | |
| There are three changes here: * We need to allow epoll_pwait. * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC. * We need to use openat() instead of open(). Note that this fix is not complete, since the openat() change is turned off. The next commit will make the openat() change happen when we're running glibc 2.26 or later. Fix for 24315. | |||
| 2017-11-16 | Permit kill(pid, 0) in the seccomp2 sandbox. | Nick Mathewson | |
| We don't want to allow general signals to be sent, but there's no problem sending a kill(0) to probe whether a process is there. Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox was introduced. | |||
| 2017-10-31 | Merge branch 'fix-torrcd-sandbox-22605v2' | Nick Mathewson | |
| 2017-10-19 | Comment-only change: annotate exit() calls. | Nick Mathewson | |
| Sometimes when we call exit(), it's because the process is completely hopeless: openssl has a broken AES-CTR implementation, or the clock is in the 1960s, or something like that. But sometimes, we should return cleanly from tor_main() instead, so that embedders can keep embedding us and start another Tor process. I've gone through all the exit() and _exit() calls to annotate them with "exit ok" or "XXXX bad exit" -- the next step will be to fix the bad exit()s. First step towards 23848. | |||
| 2017-09-15 | Run our #else/#endif annotator on our source code. | Nick Mathewson | |
| 2017-09-15 | sched: Add sandbox support for KIST | David Goulet | |
| Signed-off-by: David Goulet <dgoulet@torproject.org> | |||
| 2017-09-06 | Better error on failure to load seccomp2 sandbox | Nick Mathewson | |
| There are two reasons this is likeliest to happen -- no kernel support, and some bug in Tor. We'll ask people to check the former before they report. Closes 23090. | |||
| 2017-08-30 | Adds files included by torrc and defaults to sandbox filter #22605 | Daniel Pinto | |
| 2017-08-09 | Remove the #if 0ed code that was supposed to let the sandbox allow exec | Nick Mathewson | |
| 2017-07-27 | Merge branch 'maint-0.3.0' into maint-0.3.1 | Nick Mathewson | |
| 2017-07-27 | Merge branch 'maint-0.3.1' | Nick Mathewson | |
| 2017-07-27 | Merge branch 'maint-0.2.9' into maint-0.3.0 | Nick Mathewson | |
| 2017-07-23 | fix whitespace issue | Roger Dingledine | |
| 2017-07-05 | Allow setsockopt(IPV6_V6ONLY) in sandbox. | Nick Mathewson | |
| Fixes bug 20247. We started setting V6ONLY in 0.2.3.13-alpha and added the sandbox on 0.2.5.1-alpha. | |||
| 2017-07-05 | Use the proper syscall in sandbox error messages | cypherpunks | |
| Fixes #22750. | |||
| 2017-06-28 | Fix crash in LZMA module when the Sandbox is enabled. | Alexander Færøy | |
| This patch fixes a crash in our LZMA module where liblzma will allocate slightly more data than it is allowed to by its limit, which leads to a crash. See: https://bugs.torproject.org/22751 | |||
 |
index : tor | |
| Transit encryption and privacy out of the box | The Tor Project |
| summaryrefslogtreecommitdiff |