From: Peter Müller <peter.mueller@ipfire.org>
Date: Sat, 25 Sep 2021 07:07:58 +0000 (+0200)
Subject: Tor: Enable syscall sandbox
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0b6a2e761bc14d90725beda5b31f1637a599d163;p=people%2Fstevee%2Fipfire-2.x.git

Tor: Enable syscall sandbox

This makes post-exploitation activities harder, in case the local Tor
instance has been compromised. It is worth noticing that Tor won't
respond to a "GETINFO address" command on the control port if sandboxed,
but our CGI does not make use of it, and neither is any legitimate
service on IPFire doing so.

Tested on a small middle relay running on an IPFire machine.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---

diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi
index 3349336aea..ce579aec11 100644
--- a/html/cgi-bin/tor.cgi
+++ b/html/cgi-bin/tor.cgi
@@ -730,6 +730,7 @@ sub BuildConfiguration() {
 	open(FILE, ">$torrc");
 
 	# Global settings.
+	print FILE "Sandbox 1\n";
 	print FILE "ControlPort $TOR_CONTROL_PORT\n";
 
 	if ($settings{'TOR_ENABLED'} eq 'on') {