[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #9249 [Tor]: GSOC seccomp stage 2
#9249: GSOC seccomp stage 2
-----------------------------+--------------------------------------------
Reporter: ctoader | Owner: nickm
Type: enhancement | Status: needs_revision
Priority: normal | Milestone:
Component: Tor | Version:
Resolution: | Keywords: tor-relay gsoc seccomp sandbox
Actual Points: | Parent ID: #5756
Points: |
-----------------------------+--------------------------------------------
Comment (by nickm):
Replying to [comment:15 ctoader]:
> Did the latest commit fix this? I also had 2 more commits, some changes
didn't work on my configuration (linux 32 bit).
Your change in 8e003b1c69152ba6e5c3a09db11472eef5db14da re-broke my 64-bit
linux box with libseccomp version 1.0.1. I get:
{{{
Sep 11 13:38:48.000 [err] add_noparam_filter(): Bug: (Sandbox) failed to
add syscall index 34 (NR=-109), received libseccomp error -33
Sep 11 13:38:48.000 [err] install_syscall_filter(): Bug: (Sandbox) failed
to add param filters!
Sep 11 13:38:48.000 [err] tor_main(): Bug: Failed to create syscall
sandbox filter
}}}
This is for recv, which is apparently implemented via the recvfrom syscall
on 64-bit linux.
Also, your change in 3802cae9597fa417ceec42 breaks compilation on OSX,
where I get:
{{{
src/common/sandbox.h:166: error: expected â=â, â,â, â;â, âasmâ or
â__attribute__â before â*â token
src/common/sandbox.h:174: error: expected â)â before â*â token
src/common/sandbox.h:185: error: expected â)â before â*â token
src/common/sandbox.h:193: error: expected â)â before â*â token
src/common/sandbox.h:204: error: expected â)â before â*â token
src/common/sandbox.h:212: error: expected â)â before â*â token
src/common/sandbox.h:222: error: expected â)â before â*â token
src/common/sandbox.h:230: error: expected â)â before â*â token
src/common/sandbox.h:241: error: expected â)â before â*â token
src/common/sandbox.h:244: error: expected â)â before â*â token
make[1]: *** [src/common/address.o] Error 1
}}}
I tried to fix the second one in my gsoc-cap-stage2 branch, but I don't
know what to do for the first.
> Small note: unfortunately by stepping through libseccomp with the
debugger, I realised it doesn't support intervals on the same parameter
because each filter entry applies to only one syscall parameter; so you
couldn't have entry 1 say 'addr > x' and entry 2 say 'addr < x', unless
they're done in separate calls; I did manage do make something work
though.
I think this is almost okay.... It would be cool to test it out, though,
by adding a spurious call to mprotect different points inside the mapping
(including the beginning or end) or remap the mapping right after the
sandbox filters are installed, and to verify that that does the right
thing.
But hm. What happens if somebody tries to mprotect the page right before
immediately before the mapping, and they give a bunch of pages that
includes the mapping, as in "mprotect(pr_mem_base - 4096, 8192,
PROT_READ|PROT_WRITE)" ?
(What exactly is it that needs to do mprotect(PROT_READ|PROT_WRITE)? I
think it is malloc/arena.c in glibc.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9249#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs