From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 16 07:22:02 2017
Date: Fri, 16 Jun 2017 13:21:37 +0200
From: Rutger Helling
To: guix-patches@gnu.org
Subject: [PATCH] gnu: tor: Add seccomp support.

Hello,

this patch adds seccomp support to tor.

Content-Type: text/x-diff; name=0001-gnu-tor-Add-seccomp-support.patch
Content-Disposition: attachment; filename=0001-gnu-tor-Add-seccomp-support.patch; size=1127

From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 16 08:02:05 2017
Date: Fri, 16 Jun 2017 12:01:08 +0000
From: ng0
To: Rutger Helling
Subject: Re: [bug#27394] [PATCH] gnu: tor: Add seccomp support.
Cc: 27394@debbugs.gnu.org

Rutger Helling transcribed 2.5K bytes:
> Hello,
>
> this patch adds seccomp support to tor.

There's the question if we would want that.
tor doesn't enable it by default, see: https://trac.torproject.org/projects/tor/ticket/19215
But we also enable hardening by default, which differs from the tor default.
I have no problem with moving unstable features in, but hardening
seems much more tested to me than seccomp.
--
ng0
OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://krosos.org/~/ng0/ https://www.infotropique.org

From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 16 08:33:43 2017
Date: Fri, 16 Jun 2017 14:33:31 +0200
From: Rutger Helling
To: 27394@debbugs.gnu.org
Subject: Re: [bug#27394] [PATCH] gnu: tor: Add seccomp support.

Hey ng0,

I think that ticket references whether the default torrc should have "Sandbox 1". This patch doesn't do that, you still have to set that manually if you want to use it. It only gives you the option (Tor will just ignore that option in Guix right now).

I also don't think that hardening and the sandbox bite each other in any way.

On 2017-06-16 14:01, ng0 wrote:

> Rutger Helling transcribed 2.5K bytes:
>
>> Hello,
>>
>> this patch adds seccomp support to tor.
>
> There's the question if we would want that.
> tor doesn't enable it by default, see: https://trac.torproject.org/projects/tor/ticket/19215
> But we also enable hardening by default, which differs from the tor default.
> I have no problem with moving unstable features in, but hardening
> seems much more tested to me than seccomp.

From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 16 08:47:04 2017
Date: Fri, 16 Jun 2017 12:46:39 +0000
From: ng0
To: Rutger Helling
Subject: Re: [bug#27394] [PATCH] gnu: tor: Add seccomp support.
Cc: 27394@debbugs.gnu.org

Rutger Helling transcribed 2.6K bytes:
> Hey ng0,
>
> I think that ticket references whether the default torrc should have
> "Sandbox 1".

I understood the Whonix mail, which is how I got to the trac of tor,
in the way that they don't enable seccomp because tor does not enable
it as default. I'm not 100% positive on this, but I think I used
tor with +seccomp and hardening in Gentoo for a very long time.

> This patch doesn't do that, you still have to set that
> manually if you want to use it. It only gives you the option (Tor will
> just ignore that option in Guix right now).
>
> I also don't think that hardening and the sandbox bite each other in any
> way.
>
> On 2017-06-16 14:01, ng0 wrote:
>
> > Rutger Helling transcribed 2.5K bytes:
> >
> >> Hello,
> >>
> >> this patch adds seccomp support to tor.
> >
> > There's the question if we would want that.
> > tor doesn't enable it by default, see: https://trac.torproject.org/projects/tor/ticket/19215
> > But we also enable hardening by default, which differs from the tor default.
> > I have no problem with moving unstable features in, but hardening
> > seems much more tested to me than seccomp.
--
ng0
OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://krosos.org/~/ng0/ https://www.infotropique.org

From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 16 09:10:29 2017
Date: Fri, 16 Jun 2017 13:10:08 +0000
From: ng0
To: Rutger Helling, 27394@debbugs.gnu.org
Subject: Re: [bug#27394] [PATCH] gnu: tor: Add seccomp support.

The patch itself seems to work.

Just introducing upstream explicitly marked (see 'man tor') as "experimental"
features is difficult. As long as nothing breaks it's okay I guess.

Should tor or the GuixSD native tor-service start to consume too much
resources, we can still adjust.

ng0 transcribed 2.3K bytes:
> Rutger Helling transcribed 2.6K bytes:
> > Hey ng0,
> >
> > I think that ticket references whether the default torrc should have
> > "Sandbox 1".
>
> I understood the Whonix mail, which is how I got to the trac of tor,
> in the way that they don't enable seccomp because tor does not enable
> it as default. I'm not 100% positive on this, but I think I used
> tor with +seccomp and hardening in Gentoo for a very long time.
>
>
> > This patch doesn't do that, you still have to set that
> > manually if you want to use it. It only gives you the option (Tor will
> > just ignore that option in Guix right now).
> >
> > I also don't think that hardening and the sandbox bite each other in any
> > way.
> >
> > On 2017-06-16 14:01, ng0 wrote:
> >
> > > Rutger Helling transcribed 2.5K bytes:
> > >
> > >> Hello,
> > >>
> > >> this patch adds seccomp support to tor.
> > >
> > > There's the question if we would want that.
> > > tor doesn't enable it by default, see: https://trac.torproject.org/projects/tor/ticket/19215
> > > But we also enable hardening by default, which differs from the tor default.
> > > I have no problem with moving unstable features in, but hardening
> > > seems much more tested to me than seccomp.
>
> --
> ng0
> OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> https://krosos.org/~/ng0/ https://www.infotropique.org
--
ng0
OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://krosos.org/~/ng0/ https://www.infotropique.org

From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 16 18:09:24 2017
Date: Fri, 16 Jun 2017 22:09:02 +0000
From: ng0
To: Rutger Helling, 27394@debbugs.gnu.org
Subject: Re: [bug#27394] [PATCH] gnu: tor: Add seccomp support.

There's a problem. I think it's not that problematic but it's a problem:

Activating the Sandbox option (torrc Sandbox 1) prevents reloading certain functions of tor without stopping tor. Now when you do this with our GuixSD tor-service running through a guix system reconfigure, you will get a sandbox violation. Because I reboot directly after reconfigure I don't know if this is a serious problem, but I know there are plans for system-generation activation or what they call it (switch to the newly generated system directly after it was built).

After a day of using your patch and encountering the sandbox violations I'm positive it works as intended, but I'm not sure what to do about the switch. Maybe our tor-service has to be adjusted?

This is no requirement for this to be merged, I'm just trying to point out details.

ng0 transcribed 1.8K bytes:
> The patch itself seems to work.
>
> Just introducing upstream explicitly marked (see 'man tor') as "experimental"
> features is difficult. As long as nothing breaks it's okay I guess.
>
> Should tor or the GuixSD native tor-service start to consume too much
> resources, we can still adjust.
>
> ng0 transcribed 2.3K bytes:
> > Rutger Helling transcribed 2.6K bytes:
> > > Hey ng0,
> > >
> > > I think that ticket references whether the default torrc should have
> > > "Sandbox 1".
> >
> > I understood the Whonix mail, which is how I got to the trac of tor,
> > in the way that they don't enable seccomp because tor does not enable
> > it as default. I'm not 100% positive on this, but I think I used
> > tor with +seccomp and hardening in Gentoo for a very long time.
> >
> >
> > > This patch doesn't do that, you still have to set that
> > > manually if you want to use it. It only gives you the option (Tor will
> > > just ignore that option in Guix right now).
> > >
> > > I also don't think that hardening and the sandbox bite each other in any
> > > way.
> > >
> > > On 2017-06-16 14:01, ng0 wrote:
> > >
> > > > Rutger Helling transcribed 2.5K bytes:
> > > >
> > > >> Hello,
> > > >>
> > > >> this patch adds seccomp support to tor.
> > > >
> > > > There's the question if we would want that.
> > > > tor doesn't enable it by default, see: https://trac.torproject.org/projects/tor/ticket/19215
> > > > But we also enable hardening by default, which differs from the tor default.
> > > > I have no problem with moving unstable features in, but hardening
> > > > seems much more tested to me than seccomp.
> >
> > --
> > ng0
> > OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> > https://krosos.org/~/ng0/ https://www.infotropique.org
>
>
>
> --
> ng0
> OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> https://krosos.org/~/ng0/ https://www.infotropique.org
>
>
>
>
--
ng0
OpenPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://krosos.org/~/ng0/ https://www.infotropique.org

From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 20 17:07:51 2017
From: ludo@gnu.org (Ludovic Courtès)
To: Rutger Helling
Subject: Re: [bug#27394] [PATCH] gnu: tor: Add seccomp support.
Date: Tue, 20 Jun 2017 23:07:38 +0200
Cc: 27394-done@debbugs.gnu.org

Hi Rutger,

Rutger Helling skribis:

> From 5e93733bba145ac3e3a3f39fb43f25ad7125fa2f Mon Sep 17 00:00:00 2001
> From: Rutger Helling
> Date: Fri, 16 Jun 2017 13:15:17 +0200
> Subject: [PATCH] gnu: tor: Add seccomp support.
>
> * gnu/packages/tor.scm (tor)[inputs]: Add libseccomp.

Applied, thanks.

Do you think the GuixSD service should set “Sandbox 1” by default?  The
Besides, the GuixSD service runs Tor in a container, but that doesn’t
necessarily provide the same guarantees:
<https://www.gnu.org/software/guix/news/running-system-services-in-containers.html>.

Ludo’.

From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 20 18:31:26 2017
From: ng0@infotropique.org
To: "Ludovic Courtès"
Subject: Re: bug#27394: [PATCH] gnu: tor: Add seccomp support.
Date: Wed, 21 Jun 2017 00:31:18 +0200 (CEST)
Cc: 27394-done <27394-done@debbugs.gnu.org>, Rutger Helling

On Tue, 20 Jun 2017 23:07:38 +0200, ludo@gnu.org (Ludovic Courtès) wrote:
> Hi Rutger,
>
> Rutger Helling skribis:
>
> > From 5e93733bba145ac3e3a3f39fb43f25ad7125fa2f Mon Sep 17 00:00:00 2001
> > From: Rutger Helling
> > Date: Fri, 16 Jun 2017 13:15:17 +0200
> > Subject: [PATCH] gnu: tor: Add seccomp support.
> >
> > * gnu/packages/tor.scm (tor)[inputs]: Add libseccomp.
>
> Applied, thanks.
>
> Do you think the GuixSD service should set “Sandbox 1” by default?  The
> Besides, the GuixSD service runs Tor in a container, but that doesn’t
> necessarily provide the same guarantees:
> <https://www.gnu.org/software/guix/news/running-system-services-in-containers.html>.
>
> Ludo’.

As mentioned earlier in the thread: I don't think it should be default until we have
found it to be stable enough. I experienced several "sandbox violations" when running
this in the last days. Is this good? Is this bad? I had no chance to investigate this so far.
It also goes against torproject recommendations, as they consider sandbox (seccomp) in
tor to be an unstable + testing feature, disabled by default.

From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 21 02:57:14 2017
Date: Wed, 21 Jun 2017 08:57:01 +0200
From: Rutger Helling
To: Ludovic Courtès, ng0@infotropique.org
Subject: Re: bug#27394: [PATCH] gnu: tor: Add seccomp support.
Cc: 27394-done <27394-done@debbugs.gnu.org>

I don't have any issues (yet) running it with the sandbox on, but I agree it's good to test it extensively beforehand and depending on the stability wait until the Tor Project defaults to it.

On 2017-06-21 00:31, ng0@infotropique.org wrote:

> On Tue, 20 Jun 2017 23:07:38 +0200, ludo@gnu.org (Ludovic Courtès) wrote:
>
>> Hi Rutger,
>>
>> Rutger Helling <rhelling@mykolab.com> skribis:
>>
>>> From 5e93733bba145ac3e3a3f39fb43f25ad7125fa2f Mon Sep 17 00:00:00 2001
>>> From: Rutger Helling <rhelling@mykolab.com>
>>> Date: Fri, 16 Jun 2017 13:15:17 +0200
>>> Subject: [PATCH] gnu: tor: Add seccomp support.
>>>
>>> * gnu/packages/tor.scm (tor)[inputs]: Add libseccomp.
>>
>> Applied, thanks.
>>
>> Do you think the GuixSD service should set "Sandbox 1" by default?  The
>> Besides, the GuixSD service runs Tor in a container, but that doesn't
>> necessarily provide the same guarantees:
>> <https://www.gnu.org/software/guix/news/running-system-services-in-containers.html>.
>>
>> Ludo'.
>
> As mentioned earlier in the thread: I don't think it should be default until we have
> found it to be stable enough. I experienced several "sandbox violations" when running
> this in the last days. Is this good? Is this bad? I had no chance to investigate this so far.
> It also goes against torproject recommendations, as they consider sandbox (seccomp) in
> tor to be an unstable + testing feature, disabled by default.

--=_fc76302c4dba3273ab1050f2f1b36059-- From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 21 04:24:31 2017 Received: (at 27394-done) by debbugs.gnu.org; 21 Jun 2017 08:24:31 +0000 Received: from localhost ([127.0.0.1]:58827 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNawB-0006qV-CK for submit@debbugs.gnu.org; Wed, 21 Jun 2017 04:24:31 -0400 Received: from eggs.gnu.org ([208.118.235.92]:37949) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNaw9-0006qH-6f for 27394-done@debbugs.gnu.org; Wed, 21 Jun 2017 04:24:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dNavz-0008Rm-5L for 27394-done@debbugs.gnu.org; Wed, 21 Jun 2017 04:24:24 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:52951) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dNavz-0008Rg-1f; Wed, 21 Jun 2017 04:24:19 -0400 Received: from reverse-83.fdn.fr ([80.67.176.83]:57286 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dNavy-0005Xp-B9; Wed, 21 Jun 2017 04:24:18 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Rutger Helling Subject: Re: bug#27394: [PATCH] gnu: tor: Add seccomp support. 
References: <9a77b4c9d799bd5f95bf3fce88e268af@mykolab.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 3 Messidor an 225 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Wed, 21 Jun 2017 10:24:15 +0200 In-Reply-To: <9a77b4c9d799bd5f95bf3fce88e268af@mykolab.com> (Rutger Helling's message of "Wed, 21 Jun 2017 08:57:01 +0200") Message-ID: <87mv91kats.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 27394-done Cc: 27394-done <27394-done@debbugs.gnu.org>, ng0@infotropique.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Hi, Rutger Helling skribis: > I don't have any issues (yet) running it with the sandbox on, but I > agree it's good to test it extensively beforehand and depending on the > stability wait until the Tor Project defaults to it. Sounds reasonable. Thanks for your feedback, ng0 and Rutger. Ludo’. From unknown Mon Aug 11 12:54:15 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 19 Jul 2017 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator