0x9090

This file is part of Whonix
Copyright (C) 2012 - 2014 Patrick Schleizer <[email protected]>
See the file COPYING for copying conditions.

        **** Do NOT edit this file! ****

This file will show you examples you can copy and paste to /etc/tor/torrc

Additionally, you can read the official Tor Manual at:
https://www.torproject.org/docs/tor-manual.html.en

0x9090

1: Restrict all code to very simple control flow constructs. Do not use GOTO statements, setjmp or longjmp constructs, or direct or indirect recursion.

2: All loops must have a fixed upper bound. It must be trivially possible for a checking tool to statically prove that a preset upper bound on the number of iterations of a loop cannot be exceeded. If the loop-bound cannot be proven statically, the rule is considered violated.

3: Do not use dynamic memory allocation after initialization.

4: No function should be longer than what can be printed on a single sheet of paper (in a standard reference format with one line per statement and one line per declaration.) Typically, this means no more than about 60 lines of code per function.

5: The assertion density of the code should average a minimum of two assertions per function. Assertions must always be side effect-free and should be defined as Boolean tests.

0x9090

These are some common Linux programs which can be used to execute other software. This demonstrates the risk of implicitly granting sudo privledges to non-suid programs. For example, if you lock down sudo to everything except for vim, then a local attacker could still open a full root shell with that limited sudo vim privledge.


tcpdump
$ tcpdump -n -i lo -G1 -w /dev/null -z ./program.sh

tar
$ tar c a.tar -I ./program.sh a

zip

0x9090

<html>
<head>
  <title>sneaky copy-paste terminal example</title>
</head>
  <style>
    .codeblock {
      background-color: lightyellow;
      border: 1px dotted black;
      margin-left: 50px;