On Tue, Sep 26, 2017 at 07:37:53PM +, Shawn Webb wrote:
> Hey All,
>
> I'm working on applying Capsicum to Tor. I've got a PoC design for how
> I'm going to do it posted here:
>
> https://github.com/lattera/PoCs/tree/master/capsicum_fdpassing
>
> Note that the above code might have ugly spot
ECAPMODE means the syscall is forbidden, surely?
On 26 September 2017 at 20:37, Shawn Webb wrote:
> Hey All,
>
> I'm working on applying Capsicum to Tor. I've got a PoC design for how
> I'm going to do it posted here:
>
> https://github.com/lattera/PoCs/tree/master/capsicum_fdpassing
>
> Note tha
Perhaps. But if the file descriptor is given the CAP_CONNECT capability, I
should be able to call connect(2) on it, right? The manpage for
connect(2) does not state that connect(2) is fully disallowed, even if
CAP_CONNECT is a granted capability.
On Tue, Sep 26, 2017 at 10:02:53PM +, Ben Lauri
Hey All,
I'm working on applying Capsicum to Tor. I've got a PoC design for how
I'm going to do it posted here:
https://github.com/lattera/PoCs/tree/master/capsicum_fdpassing
Note that the above code might have ugly spots. It's mostly just a brain
dump.
Essentially, the child process creates th
