Closed (moved)
Opened Jul 19, 2017 by dawuud@dawuud

disallow tor exec'ing

Hello from PETS2017. I recently chatted with Nick Mathewson who suggested that it would be very easy to patch tor such that exec'ing programs could optionally be disallowed. Currently there are three torrc config options that can cause tor to exec:

  1. PortForwardingHelper
  2. ClientTransportPlugin
  3. ServerTransportPlugin

Of course these can be used via the control port which is precisely why it was important to the Subgraph OS project to have a decent Tor control port filter; we were mainly concerned with preventing sandbox escapes. I wrote Roflcoptor for this purpose:

https://github.com/subgraph/roflcoptor

A few other projects have also written their own Tor control port filter daemons. I will not list them here. Even with this feature addition to tor, these Tor control port filter daemons will still be useful for limiting the authority delegated by access to the tor control port.

Milestone: Tor: 0.3.2.x-final
Reference: legacy/trac#22976
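
An added example (not part of the original issue, and not code from tor or Roflcoptor): the kind of check a control port filter can apply so that a client cannot set any of the three exec-causing options listed above. The function names and sample commands are constructed for illustration; it assumes configuration changes arrive through the control-protocol commands SETCONF, RESETCONF and LOADCONF.

```python
import re

# The three torrc options the issue lists as able to make tor exec a program.
EXEC_OPTIONS = ("PortForwardingHelper", "ClientTransportPlugin", "ServerTransportPlugin")

# One SETCONF/RESETCONF argument: keyword, optionally "=" and a quoted or bare value.
_ARG = re.compile(r'([A-Za-z0-9_]+)(?:=(?:"(?:[^"\\]|\\.)*"|\S*))?')


def _is_exec_option(keyword):
    # Names are compared case-insensitively. Assumption: tor may also accept an
    # abbreviated option name, so any prefix of a listed option counts as a
    # match. This is deliberately conservative and can over-block.
    key = keyword.lower()
    return bool(key) and any(opt.lower().startswith(key) for opt in EXEC_OPTIONS)


def exec_options_in(command):
    """Return the keywords in one control-port command that could set an exec option."""
    lines = command.replace("\r\n", "\n").split("\n")
    verb, _, args = lines[0].strip().partition(" ")
    verb = verb.lstrip("+").upper()  # "+LOADCONF" is the multi-line data form
    keywords = []
    if verb in ("SETCONF", "RESETCONF"):
        keywords = [m.group(1) for m in _ARG.finditer(args)]
    elif verb == "LOADCONF":
        # Each following line is torrc text; a lone "." ends the data block.
        for line in lines[1:]:
            line = line.strip()
            if line == ".":
                break
            if line and not line.startswith("#"):
                # Strip a leading "+" or "/" marker if present (harmless if absent).
                keywords.append(line.split()[0].lstrip("+/"))
    return [k for k in keywords if _is_exec_option(k)]


def allow(command):
    """Filter decision: forward the command only if it touches no exec option."""
    return not exec_options_in(command)
```

A deny check like this covers only the exec path; a filter that also restricts which other commands and options a client may use still needs its own policy.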