[Tor-BSD] [CFT] HardenedBSD's security/tor-capsicum port

Shawn Webb shawn.webb at hardenedbsd.org
Tue Feb 27 12:59:32 EST 2018


On Tue, Feb 27, 2018 at 05:55:00PM +0000, George Rosamond wrote:
> Shawn Webb:
> > Hey All,
> > 
> > Many of you know that I've been working on Capsicum support in Tor.
> > I've added a ports entry for it in the HardenedBSD ports tree,
> > security/tor-capsicum.
> > 
> > To enable capmode, you'll need to add "Sandbox 1" to your torrc. Note
> > that since libevent does not support Capsicum and creates sockets on
> > its own, using DNSPort (most commonly used in transparent proxy
> > setups) with capmode enabled is unsupported. I've filed a bug report
> > with libevent to start the discussion around adding a
> > Capsicum-friendly API for socket creation/maintenance.
> > 
> > On HardenedBSD 12-CURRENT/amd64, security/tor-capsicum is compiled with:
> >   - PIE
> >   - Full RELRO
> >   - CFI (without the cfi-icall scheme)
> >   - SafeStack
> >   - Retpoline
> >   - Capsicum support
> > 
> > Please test and let me know any success or failure stories.
> 
> Wow.  Can you send a diff to FreeBSD for security/tor and
> security/tor-devel?

I can send a diff up to FreeBSD for security/tor-capsicum. I'd rather
not touch the other ports as Capsicum support is highly experimental.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE