disallow tor exec'ing
Hello from PETS2017. I recently chatted with Nick Mathewson who suggested that it would be very easy to patch tor such that exec'ing programs could optionally be disallowed. Currently there are three torrc config options that can cause tor to exec:
- PortForwardingHelper
- ClientTransportPlugin
- ServerTransportPlugin
Of course these can be used via the control port which is precisely why it was important to the Subgraph OS project to have a decent Tor control port filter; we were mainly concerned with preventing sandbox escapes. I wrote Roflcoptor for this purpose:
https://github.com/subgraph/roflcoptor
A few other projects have also written their own Tor control port filter daemons. I will not list them here. Even with this feature addition to tor, these Tor control port filter daemons will still be useful for limiting the authority delegated by access to the tor control port.