[Tor-BSD] [CFT] HardenedBSD's security/tor-capsicum port

George Rosamond george at ceetonetechnology.com
Tue Feb 27 12:55:00 EST 2018

Shawn Webb:
> Hey All,
> Many of you know that I've been working on Capsicum support in Tor.
> I've added a ports entry for it in the HardenedBSD ports tree,
> security/tor-capsicum.
> To enable capmode, you'll need to add "Sandbox 1" to your torrc. Note
> that since libevent does not support Capsicum and creates sockets on
> its own, using DNSPort (most commonly used in transparent proxy
> setups) with capmode enabled is unsupported. I've filed a bug report
> with libevent to start the discussion around adding a
> Capsicum-friendly API for socket creation/maintenance.
> On HardenedBSD 12-CURRENT/amd64, security/tor-capsicum is compiled with:
>   - PIE
>   - Full RELRO
>   - CFI (without the cfi-icall scheme)
>   - SafeStack
>   - Retpoline
>   - Capsicum support
> Please test and let me know any success or failure stories.

Wow.  Can you send a diff to FreeBSD for security/tor and


More information about the Tor-BSD mailing list