Subject: [bug#27394] [PATCH] gnu: tor: Add seccomp support.
Date: Fri, 16 Jun 2017 12:46:39 +0000
From: ng0
Message-ID: <20170616124639.a7lq7dgrbmr2wn4t@abyayala>
References: <20170616120108.d5kx6h2ukiy7qtux@abyayala> <00b283d856293540d950c67502d4538e@mykolab.com>
In-Reply-To: <00b283d856293540d950c67502d4538e@mykolab.com>
To: Rutger Helling
Cc: 27394@debbugs.gnu.org

Rutger Helling transcribed 2.6K bytes:
> Hey ng0,
>
> I think that ticket references whether the default torrc should have
> "Sandbox 1".

I understood the Whonix mail, which is how I got to the trac of tor,
in the way that they don't enable seccomp because tor does not enable
it as default.
I'm not 100% positive on this, but I think I used tor with +seccomp
and hardening in Gentoo for a very long time.

> This patch doesn't do that, you still have to set that
> manually if you want to use it. It only gives you the option (Tor will
> just ignore that option in Guix right now).
>
> I also don't think that hardening and the sandbox bite each other in any
> way.
>
> On 2017-06-16 14:01, ng0 wrote:
>
> > Rutger Helling transcribed 2.5K bytes:
> >
> >> Hello,
> >>
> >> this patch adds seccomp support to tor.
> >
> > There's the question if we would want that.
> > tor doesn't enable it by default, see: https://trac.torproject.org/projects/tor/ticket/19215
> > But we also enable hardening by default, which differs from the tor default.
> > I have no problem with moving unstable features in, but hardening
> > seems much more tested to me than seccomp.

--
ng0
OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://krosos.org/~/ng0/
https://www.infotropique.org