[Tor-BSD] [CFT] HardenedBSD's security/tor-capsicum port
Shawn Webb
shawn.webb at hardenedbsd.org
Tue Feb 27 12:48:29 EST 2018
Hey All,
Many of you know that I've been working on Capsicum support in Tor.
I've added a ports entry for it in the HardenedBSD ports tree,
security/tor-capsicum.
To enable capmode, you'll need to add "Sandbox 1" to your torrc. Note
that since libevent does not support Capsicum and creates sockets on
its own, using DNSPort (most commonly used in transparent proxy
setups) with capmode enabled is unsupported. I've filed a bug report
with libevent to start the discussion around adding a
Capsicum-friendly API for socket creation/maintenance.
On HardenedBSD 12-CURRENT/amd64, security/tor-capsicum is compiled with:
- PIE
- Full RELRO
- CFI (without the cfi-icall scheme)
- SafeStack
- Retpoline
- Capsicum support
Please test and let me know any success or failure stories.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.nycbug.org/pipermail/tor-bsd/attachments/20180227/b5e48849/attachment.bin>
More information about the Tor-BSD
mailing list