nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

add a changes file for the sandbox fixes series

Browse Source
This commit is contained in:
Nick Mathewson 2014-04-16 22:45:27 -04:00
parent f41491816c
commit 506c890440
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
changes/sandbox_fixes_11351 Normal file
View File

@ -0,0 +1,13 @@
o Major features:
- Refinements and improvements to the Linux seccomp2 sandbox code:
the sandbox can now run a test network for multiple hours without
crashing. (Previous crash reasons included: reseeding the OpenSSL PRNG,
seeding the Libevent PRNG, using the wrong combination of CLOEXEC and
NONBLOCK at the same place and time, having server keys, being an
authority, receiving a HUP, or using IPv6.) The sandbox is still
experimental, and more bugs will probably turn up. To try it,
enable "Sandbox 1" on a Linux host.
- Strengthen the Linux seccomp2 sandbox code: the sandbox can now
test the arguments for rename(), and blocks _sysctl() entirely.