Hello tor-dev,
Here goes the status report for the past 2 weeks. I have been preparing the code for the first step of the project to be merged into the Tor master branch, which involved a number of changes required by nickm; the full process can be seen here [1]. The branch was squashed and should be merged one of these days.
- Step 2 (current progress) has changed a bit, and now requires creating a sandbox as 'tight' as possible around the Tor syscalls:
  - this is achieved by filtering not only syscalls but also syscall parameters; my current efforts can be found here [2] in branch "gsoc-cap-stage2";
  - the current problem with this stage is filtering string parameters for syscalls, which can be done using immutable strings in protected memory regions;
  - unfortunately some syscalls are out of reach, being part of libraries, and therefore their parameters cannot be controlled (the pointer used in the seccomp filter cannot be referenced in the syscall); this will need to be solved (any suggestions are appreciated).
- I have implemented ioerror's suggestion about policy files, but it is not pushed to git, mainly because after talking to nickm we concluded that the implementation effort is not justified, especially now when filter configurations are constantly changing, which would also require changing how policy files are parsed, with mostly the same end result. Furthermore, some of the string filter parameters may be generated at runtime, which may be inconsistent with the solution. I will keep this in mind towards the finishing stage of the development process, especially since it offers an elegant way of configuring and testing different filters.
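The parameter filtering described under step 2, as an added example (not code from the tor-gsoc-capabilities branch): a raw seccomp-bpf program that restricts socket() by domain, openat() by flags, and pins openat()'s path argument to the address of one immutable string. The policy, the path "/var/lib/tor/state", the x86-64/little-endian layout and the EPERM-instead-of-kill return are all constructed assumptions for the demo; the pointer comparison is also why syscalls issued from inside libraries, which pass their own buffers, escape this method.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Hypothetical policy, x86-64 little-endian assumed: socket() only for AF_UNIX or
 * AF_INET, openat() only read-only and only with one fixed, immutable path pointer.
 * Other syscalls pass unfiltered here so the demo stays short. */
#define ARG(n, off) ((uint32_t)offsetof(struct seccomp_data, args[(n)]) + (off))
#define DEMO_DENY (SECCOMP_RET_ERRNO | EPERM) /* demo: EPERM instead of killing */

/* The kernel compares the pointer *value*, never the bytes behind it, so the
 * string must live in read-only memory and be passed by this exact address. */
static const char allowed_path[] = "/var/lib/tor/state"; /* constructed example */
static struct sock_filter demo_prog[32];

/* Copies the filter into prog; returns the instruction count, or -1 if cap is too small. */
int build_arg_filter(struct sock_filter *prog, size_t cap, const char *path)
{
    uint32_t lo = (uint32_t)(uintptr_t)path, hi = (uint32_t)((uintptr_t)path >> 32);
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL), /* foreign ABI: kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_socket, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_openat, 3, 9), /* else: allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG(0, 0)), /* socket: domain */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_UNIX, 7, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_INET, 6, 7),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG(2, 0)), /* openat: flags */
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, O_WRONLY | O_RDWR | O_CREAT | O_TRUNC, 5, 0),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG(1, 0)), /* openat: path, low 32 bits */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, lo, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG(1, 4)), /* path, high 32 bits */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, hi, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, DEMO_DENY),
    };
    size_t n = sizeof f / sizeof f[0];
    if (cap < n) return -1;
    for (size_t i = 0; i < n; i++) prog[i] = f[i];
    return (int)n;
}
/* Builds the demo policy into demo_prog for allowed_path; returns 17. */
int build_demo_filter(void) { return build_arg_filter(demo_prog, 32, allowed_path); }
```

To install it, wrap demo_prog in a struct sock_fprog and call prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) followed by prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog); afterwards socket(AF_INET6, ...) fails with EPERM and openat() on any other path pointer is refused even when the bytes match.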
As a small side-note I will mostly be traveling the majority of next week, so I may not be as reachable as before.
Looking forward to some feedback, if you happen to have any!
References:
[1] https://trac.torproject.org/projects/tor/ticket/9168
[2] https://github.com/cristiantoader/tor-gsoc-capabilities