tor/changes/seccomp2_sandbox
Cristian Toader f9c1ba6493 Add a basic seccomp2 syscall filter on Linux
It's controlled by the new Sandbox argument.  Right now, it's rather
coarse-grained, it's Linux-only, and it may break some features.
2013-07-11 09:13:13 -04:00

  o Major features (security):
    - Use the seccomp2 syscall filtering facility on Linux to limit
      which system calls Tor can invoke. This is an experimental,
      Linux-only feature to provide defense-in-depth against unknown
      attacks. To try turning it on, set "Sandbox 1" in your torrc
      file. This is an experimental feature, however, and some things
      may break, so please be ready to report bugs. We hope to add
      support for better sandboxing in the future,
      including more fine-grained filters, better division of
      responsibility, and support for more platforms. This work has
      been done by Cristian-Matei Toader for Google Summer of Code.
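
An added example (not Tor's sandbox code and not part of this commit) of the kernel mechanism the entry refers to: a seccomp filter that allowlists three system calls and denies everything else. The allowlist, the EPERM deny action and the names install_filter and sandbox_probe are assumptions made for the demonstration; it builds on x86-64 or AArch64 Linux.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#endif
/* Two BPF instructions: return ALLOW if the loaded syscall number equals nr. */
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
/* Allowlist (assumed for this demo): write, exit, exit_group. Anything else
 * fails with EPERM instead of killing the process, so the denial is observable. */
static int install_filter(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL), /* other ABI: numbers differ */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(__NR_write), ALLOW(__NR_exit), ALLOW(__NR_exit_group),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    };
    struct sock_fprog fprog = { sizeof(prog) / sizeof(prog[0]), prog };
    /* Required so an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}
/* Installs the filter in a child process. Returns a bitmask: 1 = getpid was
 * denied with EPERM, 2 = the allowlisted write still worked; -1 on setup failure. */
static int sandbox_probe(void) {
    int pfd[2], status, bits = 0;
    if (pipe(pfd) != 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        if (install_filter() != 0) _exit(4);
        if (syscall(SYS_getpid) == -1 && errno == EPERM) bits |= 1;
        if (write(pfd[1], "x", 1) == 1) bits |= 2;
        _exit(bits); /* exit_group is on the allowlist */
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 4 ? -1 : WEXITSTATUS(status);
}
int main(void) { return sandbox_probe() == 3 ? 0 : 1; }
```

The filter is installed after fork(), so only the child is restricted; a filter cannot be removed once a process has loaded it.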