On Sun, 17 Jan 2016, at 04:13 AM, Jiri B wrote:
>
> Could you consider Tor please?
>
> j.
>
tor's pledge will look something like:

pledge("stdio rpath cpath wpath ps id dns inet unix flock getpw proc exec pf", NULL)

None of these can be dropped later or made conditional on the configuration, as tor's config can be changed and reloaded while it's running and it needs them all to handle that. Is a wide pledge like this still beneficial?

Explanation for these:

stdio - is obvious
rpath, cpath, wpath - reading/creating/writing cached descriptors etc. (also logging without syslog)
ps - uses sysctl to decide resource limits if they're not defined in torrc
id - sets rlimits
dns - obvious
inet - tor needs sockets
unix - unix sockets can be used for the socks and control ports
flock - locking file to prevent multiple instances writing the data dir
getpw - to drop privs, chown unix sockets, answer GETINFO commands to control port
proc - daemonising
exec - daemonising and pluggable transports
pf - this could be ifdef'd, only needed if transparent proxying to pf is enabled when tor is built

--
Carlin
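
Added example (not part of the message above, and not tor or OpenBSD code): a portable C model of why promises cannot be narrowed per configuration and regained on reload. On OpenBSD a later pledge() call may only reduce the promise set, and a call that tries to add a promise fails with EPERM. The helper names parse_promises and repledge_allowed are hypothetical, and the "narrow" startup set is a constructed scenario.

```c
/* Portable model of pledge(2)'s reduce-only rule; does not call pledge(). */
#include <stdio.h>
#include <string.h>

/* Promise names taken from the pledge string in the message above. */
static const char *const PROMISES[] = {
    "stdio", "rpath", "cpath", "wpath", "ps", "id", "dns", "inet",
    "unix", "flock", "getpw", "proc", "exec", "pf"
};
#define NPROMISES (sizeof(PROMISES) / sizeof(PROMISES[0]))

/* Parse a space-separated promise string into a bitmask: 0 ok, -1 unknown name. */
int parse_promises(const char *s, unsigned *mask)
{
    *mask = 0;
    while (*s != '\0') {
        size_t i, len = strcspn(s, " ");
        if (len > 0) {
            for (i = 0; i < NPROMISES; i++)
                if (strlen(PROMISES[i]) == len && strncmp(PROMISES[i], s, len) == 0)
                    break;
            if (i == NPROMISES)
                return -1;
            *mask |= 1u << i;
        }
        s += len + strspn(s + len, " ");
    }
    return 0;
}

/* Model of a second pledge call: 0 if `wanted` adds nothing to `current`,
 * -1 if it would be refused (EPERM on OpenBSD), -2 if a string fails to parse. */
int repledge_allowed(const char *current, const char *wanted)
{
    unsigned cur, want;
    if (parse_promises(current, &cur) != 0 || parse_promises(wanted, &want) != 0)
        return -2;
    return (want & ~cur) == 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed scenario: "unix" left out at startup, then a reload needs it. */
    const char *narrow = "stdio rpath cpath wpath inet dns";
    printf("regain unix after reload: %d\n", repledge_allowed(narrow, "stdio inet unix"));
    printf("reduce to stdio inet:     %d\n", repledge_allowed(narrow, "stdio inet"));
    return 0;
}
```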