Age | Commit message | Author
---|---|---
2016-06-17 | Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS | cypherpunks
| The Autoconf macro AC_USE_SYSTEM_EXTENSIONS defines preprocessor macros which turn on extensions to C and POSIX. The macro also makes it easier for developers to use the extensions without needing (or forgetting) to define them manually. The macro can be safely used because it was introduced in Autoconf 2.60 and Tor requires Autoconf 2.63 and above. |
2016-03-26 | Do not treat "DOCDOC" as doxygen. | Nick Mathewson
2016-03-14 | Make unix sockets work with the linux seccomp2 sandbox again | Nick Mathewson
| I didn't want to grant blanket permissions for chmod() and chown(), so here's what I had to do: * Grant open() on all parent directories of a unix socket * Write code to allow chmod() and chown() on a given file only. * Grant chmod() and chown() on the unix socket. |
2016-02-27 | Update the copyright year. | Nick Mathewson
2015-10-15 | Fix compilation of sandbox.[ch] under musl-libc | Nick Mathewson
| Patch from jamestk; fix on 0.2.5.1-alpha. Fixes 17347. |
2015-01-02 | Bump copyright dates to 2015, in case someday this matters. | Nick Mathewson
2014-12-30 | Fix a memory leak in tor-resolve | Nick Mathewson
| Resolves bug 14050 |
2014-10-28 | Add another year to our copyright dates. | Nick Mathewson
| Because in 95 years, we or our successors will surely care about enforcing the BSD license terms on this code. Right? |
2014-09-29 | Merge remote-tracking branch 'origin/maint-0.2.5' | Nick Mathewson
2014-09-29 | Don't use the getaddrinfo sandbox cache from tor-resolve | Nick Mathewson
| Fixes bug 13295; bugfix on 0.2.5.3-alpha. The alternative here is to call crypto_global_init() from tor-resolve, but let's avoid linking openssl into tor-resolve for as long as we can. |
2014-08-24 | Terser ways to sandbox-allow related filenames | Nick Mathewson
| Using the *_array() functions here confused coverity, and was actually a bit longer than we needed. Now we just use macros for the repeated bits, so that we can mention a file and a suffix-appended version in one line. |
2014-08-21 | Store sandbox params as char *, since that's what they are. | Nick Mathewson
| This allows coverity to infer that we aren't leaking them. [Fixes a lot of CIDs] |
2014-06-11 | Merge remote-tracking branch 'public/bug11970' | Nick Mathewson
2014-05-27 | Make sandbox.c compile on arm | Nick Mathewson
| This is a minimal set of changes for compilation; I need a more recent kernel to test this stuff. |
2014-05-22 | sandbox: revamp sandbox_getaddrinfo caching | Nick Mathewson
| The old cache had problems: * It needed to be manually preloaded. (It didn't remember any address you didn't tell it to remember) * It was AF_INET only. * It looked at its cache even if the sandbox wasn't turned on. * It couldn't remember errors. * It had some memory management problems. (You can't use memcpy to copy an addrinfo safely; it has pointers in.) This patch fixes those issues, and moves to a hash table. Fixes bug 11970; bugfix on 0.2.5.1-alpha. |
2014-05-20 | sandbox: Disallow options which would make us call exec() | Nick Mathewson
| None of the things we might exec() can possibly run under the sandbox, so rather than crash later, we have to refuse to accept the configuration nice and early. The longer-term solution is to have an exec() helper, but wow is that risky. fixes 12043; bugfix on 0.2.5.1-alpha |
2014-04-16 | Don't allow change to ConnLimit while sandbox is active | Nick Mathewson
2014-04-16 | Clean up sandbox structures a bit | Nick Mathewson
| Drop pindex,pindex2 as unused. Admit a type to avoid using a void* |
2014-04-16 | Drop 'fr' parameter from sandbox code. | Nick Mathewson
| Apparently, the majority of the filenames we pass to sandbox_cfg_allow() functions are "freeable right after". So, consider _all_ of them safe-to-steal, and add a tor_strdup() in the few cases that aren't. (Maybe buggy; revise when I can test.) |
2014-04-16 | Add 'rename' to the sandboxed syscalls | Nick Mathewson
| (If we don't restrict rename, there's not much point in restricting open, since an attacker could always use rename to make us open whatever they want.) |
2013-11-18 | Merge branch 'backtrace_squashed' | Nick Mathewson
| Conflicts: src/common/sandbox.c src/common/sandbox.h src/common/util.c src/or/main.c src/test/include.am src/test/test.c |
2013-11-18 | Add a sighandler-safe logging mechanism | Nick Mathewson
| We had accidentally grown two fake ones: one for backtrace.c, and one for sandbox.c. Let's do this properly instead. Now, when we configure logs, we keep track of fds that should get told about bad stuff happening from signal handlers. There's another entry point for these that avoids using non-signal-handler-safe functions. |
2013-09-11 | Fix osx compilation again, hopefully better this time. | Nick Mathewson
2013-09-10 | fixed compilation error on i386 linux by moving sandbox_cfg_t definition | Cristian Toader
2013-09-09 | Fix check-spaces | Nick Mathewson
2013-09-09 | Fix compilation on OSX | Nick Mathewson
2013-09-09 | Fix most of the --enable-gcc-warnings warnings in the sandbox code | Nick Mathewson
2013-09-09 | Basic compilation fixes. | Nick Mathewson
2013-09-06 | passing hints as a const pointer to sandbox_getaddrinfo(), also one tor_free macro fails to compile.. | Cristian Toader
2013-09-03 | fixed bug where sandbox_getaddrinfo() would fail when -Sandbox is 0 | Cristian Toader
2013-09-02 | switched to a more generic way of handling the sandbox configuration | Cristian Toader
2013-09-02 | changed how sb getaddrinfo works such that it supports storing multiple results | Cristian Toader
2013-08-29 | documentation update for _array functions | Cristian Toader
2013-08-29 | _array filter functions now rely on final NULL parameter | Cristian Toader
2013-08-29 | replaced boolean char with int | Cristian Toader
2013-08-29 | small fixes in documentation and sandbox_getaddrinfo() | Cristian Toader
2013-08-28 | Added doxygen struct doc and replaced func() with funct(void) | Cristian Toader
2013-08-28 | removed PARAM_LEN | Cristian Toader
2013-08-19 | fix for getaddrinfo open syscall | Cristian Toader
2013-08-15 | added comments for sandbox.h | Cristian Toader
2013-08-12 | attempt to add stat64 filename filters; failed due to getaddrinfo.. | Cristian Toader
2013-08-10 | fixed memory leak, added array filter support | Cristian Toader
2013-08-05 | multi-configuration support using sandbox_t struct | Cristian Toader
2013-08-05 | added execve and multi-configuration support | Cristian Toader
2013-07-30 | switched to a design using filters as function pointer arrays | Cristian Toader
2013-07-30 | small filter changes; openat as separate function | Cristian Toader
2013-07-29 | added openat parameter filter | Cristian Toader
2013-07-29 | Changes as suggested by nickm | Cristian Toader
| - char* to const char* and name refactoring - workaround for accept4 syscall |
2013-07-25 | integrated context for dynamic filters | Cristian Toader
2013-07-25 | initial stages of runtime dynamic filters | Cristian Toader