disallow tor exec'ing

Hello from PETS2017. I recently chatted with Nick Mathewson who suggested that it would be very easy to patch tor such that exec'ing programs could optionally be disallowed. Currently there are three torrc config options that can cause tor to exec:

PortForwardingHelper
ClientTransportPlugin
ServerTransportPlugin

Of course these can be used via the control port which is precisely why it was important to the Subgraph OS project to have a decent Tor control port filter; we were mainly concerned with preventing sandbox escapes. I wrote Roflcoptor for this purpose:

https://github.com/subgraph/roflcoptor

A few other projects have also written their own Tor control port filter daemons. I will not list them here. Even with this feature addition to tor, these Tor control port filter daemons will still be useful for limiting the authority delegated by access to the tor control port.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information