On Sun, 17 Jan 2016, at 04:13 AM, Jiri B wrote:
> 
> Could you consider Tor please?
> 
> j.
> 

tor's pledge will look something like:

      pledge("stdio rpath cpath wpath ps id dns inet unix flock getpw "
             "proc exec pf", NULL)


None of these can be dropped later or made conditional on the
configuration, as tor's config can be changed and reloaded while it's
running and it needs them all to handle that.

Is a wide pledge like this still beneficial?


Explanation for these:

stdio - is obvious
rpath, cpath, wpath - reading/creating/writing cached descriptors etc.
(also logging without syslog)
ps - uses sysctl to decide resource limits if they're not defined in
torrc
id - sets rlimits
dns - obvious
inet - tor needs sockets
unix - unix sockets can be used for the socks and control ports
flock - locking file to prevent multiple instances writing the data dir
getpw - to drop privs, chown unix sockets, answer GETINFO commands to
control port
proc - daemonising
exec - daemonising and pluggable transports
pf - this could be ifdef'd, only needed if transparent proxying to pf is
enabled when tor is built

--
Carlin

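The message above describes the pledge(2) promise set a long-running daemon like tor needs at startup, and notes that the set cannot be narrowed later because a config reload may need any of them. The C below is an added example, not Carlin's text nor code from the Tor project: it assembles that promise string (with "pf" made conditional, as the message suggests), wraps the pledge call so the file also builds on non-OpenBSD hosts via a labelled stub, and enforces the pledge rule that a later call may only drop promises, never add them (a real pledge(2) fails with EPERM in that case). The narrowing step in main() illustrates the pattern for a toy daemon that does not reload its configuration; tor itself, per the message, cannot do this. The function names are the example's own.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifdef __OpenBSD__
/* Real pledge(2): pledge(promises, execpromises). */
static int apply_pledge(const char *promises) { return pledge(promises, NULL); }
#else
/* Assumption for portability: on non-OpenBSD hosts pledge(2) does not exist,
 * so this stub just accepts the promise string so the example still builds. */
static int apply_pledge(const char *promises) { (void)promises; return 0; }
#endif

/* Build the promise string from the message: "pf" is only needed when tor is
 * built with transparent proxying to pf, so it is appended on request. */
int build_tor_promises(char *buf, size_t len, int transproxy_pf)
{
    const char *base =
        "stdio rpath cpath wpath ps id dns inet unix flock getpw proc exec";
    int n = snprintf(buf, len, "%s%s", base, transproxy_pf ? " pf" : "");
    return (n >= 0 && (size_t)n < len) ? 0 : -1;   /* -1: buffer too small */
}

/* Does the space-separated promise list `set` contain the token tok[0..toklen)? */
static int token_in_set(const char *tok, size_t toklen, const char *set)
{
    const char *p = set;
    while (*p) {
        while (*p == ' ') p++;
        const char *start = p;
        while (*p && *p != ' ') p++;
        if ((size_t)(p - start) == toklen && memcmp(start, tok, toklen) == 0)
            return 1;
    }
    return 0;
}

/* 1 if every promise in `narrow` also appears in `wide`, else 0.  This is the
 * condition pledge(2) enforces: a second pledge may only drop promises. */
int promises_subset(const char *narrow, const char *wide)
{
    const char *p = narrow;
    while (*p) {
        while (*p == ' ') p++;
        const char *start = p;
        while (*p && *p != ' ') p++;
        if (p > start && !token_in_set(start, (size_t)(p - start), wide))
            return 0;
    }
    return 1;
}

/* Re-pledge from `current` to `next`.  Returns 0 on success, -1 if `next`
 * would add a promise (mirrors the EPERM pledge(2) returns in that case) or
 * if the underlying pledge call fails. */
int repledge(const char *current, const char *next)
{
    if (!promises_subset(next, current))
        return -1;
    return apply_pledge(next);
}

int main(void)
{
    char promises[256];

    /* Startup: the wide set from the message, without pf in this build. */
    if (build_tor_promises(promises, sizeof promises, 0) != 0) return 1;
    if (apply_pledge(promises) == -1) { perror("pledge"); return 1; }
    printf("startup pledge: %s\n", promises);

    /* Toy daemon (not tor): once daemonised and with files open, it no longer
     * needs proc/exec/id/ps/getpw/flock, so it narrows to the serving set.
     * tor cannot do this because a config reload may need any of them. */
    const char *serving = "stdio rpath cpath wpath dns inet unix";
    if (repledge(promises, serving) == -1) { perror("repledge"); return 1; }
    printf("narrowed pledge: %s\n", serving);

    /* Trying to regain a promise is refused before the kernel is even asked. */
    if (repledge(serving, "stdio inet proc exec") == -1)
        printf("refused: cannot re-add proc/exec after dropping them\n");
    return 0;
}
```

Build with a plain `cc` invocation; on OpenBSD the calls go to the real pledge(2), elsewhere the stub lets the promise-set logic run unchanged. The subset check is worth keeping in a daemon's own self-test, since a pledge string that silently grows between two call sites is exactly the kind of mistake that only shows up as a killed process in production.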