#20063: Permit sched_yield in sandbox
----------------------------+------------------------------------
 Reporter:  nickm           |          Owner:  nickm
     Type:  defect          |         Status:  needs_review
 Priority:  Medium          |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor    |        Version:
 Severity:  Normal          |     Resolution:
 Keywords:  review-group-8  |  Actual Points:  0
Parent ID:                  |         Points:  0
 Reviewer:                  |        Sponsor:
----------------------------+------------------------------------

Comment (by asn):

 Hmm, is there a way to reproduce this problem, so that we can test the fix?

 I tried running an unpatched tor (git-6abce601f22) with
 `--enable-expensive-hardening` and `Sandbox 1` and encountered no problems
 with this torrc:
 {{{
 Sandbox 1
 SocksPort auto
 }}}
 Tor bootstrapped to 100% no problem.

 All in all, the patch seems like it's doing what is advertised, but I
 actually don't know anything about the workings of seccomp and our
 sandbox. A review by a more experienced person in this area would be
 appreciated.

 One question: Should we only whitelist those syscalls '''if and only if'''
 ASAN is enabled? Because IIUC, now they are whitelisted for all builds.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20063#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs