[Tor-BSD] [CFT] HardenedBSD's security/tor-capsicum port
George Rosamond
george at ceetonetechnology.com
Tue Feb 27 12:55:00 EST 2018
Shawn Webb:
> Hey All,
>
> Many of you know that I've been working on Capsicum support in Tor.
> I've added a ports entry for it in the HardenedBSD ports tree,
> security/tor-capsicum.
>
> To enable capmode, you'll need to add "Sandbox 1" to your torrc. Note
> that since libevent does not support Capsicum and creates sockets on
> its own, using DNSPort (most commonly used in transparent proxy
> setups) with capmode enabled is unsupported. I've filed a bug report
> with libevent to start the discussion around adding a
> Capsicum-friendly API for socket creation/maintenance.
>
> On HardenedBSD 12-CURRENT/amd64, security/tor-capsicum is compiled with:
> - PIE
> - Full RELRO
> - CFI (without the cfi-icall scheme)
> - SafeStack
> - Retpoline
> - Capsicum support
>
> Please test and let me know any success or failure stories.
Wow. Can you send a diff to FreeBSD for security/tor and
security/tor-devel?
g
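
As an added example (not part of the original thread, and not code from HardenedBSD or Tor), the following shell function checks a torrc for the combination the announcement calls unsupported: "Sandbox 1" together with an active DNSPort. The function name `check_torrc` and the sample file are hypothetical; it assumes the last `Sandbox` line wins, option names are case-insensitive, and `DNSPort 0` means the port is disabled.

```shell
#!/bin/sh
# Lint a torrc for capmode ("Sandbox 1") combined with DNSPort.
# Return codes: 0 = capmode on and no DNSPort, 1 = unsupported combination,
#               2 = capmode not enabled.
check_torrc() {
    awk '
        { sub(/#.*/, "") }                   # drop comments
        NF == 0 { next }                     # skip blank lines
        { key = tolower($1) }                # option names are case-insensitive
        key == "sandbox" { sandbox = $2 }    # assumption: last value wins
        key == "dnsport" && $2 != "0" { dns = dns " " NR }
        END {
            if (sandbox != "1") {
                print "capmode not enabled (no \"Sandbox 1\")"
                exit 2
            }
            if (dns != "") {
                print "unsupported: Sandbox 1 with DNSPort on line(s)" dns
                exit 1
            }
            print "ok: Sandbox 1 and no active DNSPort"
        }
    ' "$1"
}

# Constructed sample torrc for demonstration (not from the post).
sample=$(mktemp)
cat > "$sample" <<'EOF'
SocksPort 9050
Sandbox 1
# transparent proxy setup
DNSPort 127.0.0.1:5353
EOF
check_torrc "$sample" || echo "exit status: $?"
rm -f "$sample"
```
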