From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 17 Apr 2014 02:45:27 +0000 (-0400)
Subject: add a changes file for the sandbox fixes series
X-Git-Tag: tor-0.2.5.4-alpha~36^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=506c8904402907f84f8c5ddcd6ecf15bb66d4030;p=thirdparty%2Ftor.git

add a changes file for the sandbox fixes series
---

diff --git a/changes/sandbox_fixes_11351 b/changes/sandbox_fixes_11351
new file mode 100644
index 0000000000..2fe2173ced
--- /dev/null
+++ b/changes/sandbox_fixes_11351
@@ -0,0 +1,13 @@
+  o Major features:
+    - Refinements and improvements to the Linux seccomp2 sandbox code:
+      the sandbox can now run a test network for multiple hours without
+      crashing. (Previous crash reasons included: reseeding the OpenSSL PRNG,
+      seeding the Libevent PRNG, using the wrong combination of CLOEXEC and
+      NONBLOCK at the same place and time, having server keys, being an
+      authority, receiving a HUP, or using IPv6.) The sandbox is still
+      experimental, and more bugs will probably turn up. To try it,
+      enable "Sandbox 1" on a Linux host.
+
+    - Strengthen the Linux seccomp2 sandbox code: the sandbox can now
+      test the arguments for rename(), and blocks _sysctl() entirely.
+