[tor-dev] Starting Tor from Python using Ctypes improving Sandboxing?

Fabio Pietrosanti (naif) lists at infosecurity.ch
Sat Apr 19 13:41:58 UTC 2014


Hi,

Currently, starting Tor from a Python application using existing
frameworks (such as txtorcon) imposes limits on the ability to
sandbox the application itself with AppArmor.

If you want to start Tor from your own application, then you must allow
that application to "execute" an external binary called /usr/bin/tor.

I'm wondering if anyone has ever tried to start Tor from a Python
application using ctypes, to call the Tor "main()", placing the Tor
process into a dedicated thread of the Python application.

That way it would be possible to sandbox the Python application using
AppArmor without enabling any kind of execve() call.

Has anyone ever tried this?

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org


