tor/changes/seccomp2_sandbox


  o Major features (security):
    - Use the seccomp2 syscall filtering facility on Linux to limit
      which system calls Tor can invoke. This is an experimental,
      Linux-only feature to provide defense-in-depth against unknown
      attacks. To try turning it on, set "Sandbox 1" in your torrc
      file. Some things may break, so please be ready to report bugs.
      We hope to add support for better sandboxing in the future,
      including more fine-grained filters, better division of
      responsibility, and support for more platforms. This work has
      been done by Cristian-Matei Toader for Google Summer of Code.