[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/release-0.4.2] Correct how we use libseccomp



commit 0d64bafcfedd259fb15b3ee85a7b00a840aec73b
Author: Peter Gerber <peter@xxxxxxxxxxxx>
Date:   Mon Jun 10 14:56:31 2019 +0200

    Correct how we use libseccomp
    
    This fixes a startup crash with libseccomp v2.4.0 if Sandbox is
    set to 1.
---
 changes/bug29819          |  8 ++++++++
 src/lib/sandbox/sandbox.c | 40 ++--------------------------------------
 2 files changed, 10 insertions(+), 38 deletions(-)

diff --git a/changes/bug29819 b/changes/bug29819
new file mode 100644
index 000000000..d37ac83d6
--- /dev/null
+++ b/changes/bug29819
@@ -0,0 +1,8 @@
+  o Minor bugfixes (linux seccomp sandbox):
+    - Correct how we use libseccomp. Particularly, stop assuming that
+      rules are applied in a particular order or that more rules are
+      processed after the first match. Neither is the case! In libseccomp
+      <2.4.0 this lead to some rules having no effect. Libseccomp 2.4.0
+      changed how rules are generated leading to a different ordering
+      which in turn lead to a fatal crash during startup. Fixes bug
+      29819; bugfix on 0.2.5.1-alpha. Patch by Peter Gerber.
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index e2356a172..8f577b066 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -491,24 +491,6 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
     }
   }
 
-  rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open),
-                SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
-                                O_RDONLY));
-  if (rc != 0) {
-    log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp "
-        "error %d", rc);
-    return rc;
-  }
-
-  rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat),
-                SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
-                                O_RDONLY));
-  if (rc != 0) {
-    log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
-            "libseccomp error %d", rc);
-    return rc;
-  }
-
   return 0;
 }
 
@@ -562,23 +544,6 @@ sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   return 0;
 }
 
-static int
-sb__sysctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
-{
-  int rc;
-  (void) filter;
-  (void) ctx;
-
-  rc = seccomp_rule_add_0(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(_sysctl));
-  if (rc != 0) {
-    log_err(LD_BUG,"(Sandbox) failed to add _sysctl syscall, "
-        "received libseccomp error %d", rc);
-    return rc;
-  }
-
-  return 0;
-}
-
 /**
  * Function responsible for setting up the rename syscall for
  * the seccomp filter sandbox.
@@ -1141,7 +1106,6 @@ static sandbox_filter_func_t filter_func[] = {
     sb_chmod,
     sb_open,
     sb_openat,
-    sb__sysctl,
     sb_rename,
 #ifdef __NR_fcntl64
     sb_fcntl64,
@@ -1518,14 +1482,14 @@ install_syscall_filter(sandbox_cfg_t* cfg)
   int rc = 0;
   scmp_filter_ctx ctx;
 
-  ctx = seccomp_init(SCMP_ACT_TRAP);
+  ctx = seccomp_init(SCMP_ACT_ERRNO(EPERM));
   if (ctx == NULL) {
     log_err(LD_BUG,"(Sandbox) failed to initialise libseccomp context");
     rc = -1;
     goto end;
   }
 
-  // protectign sandbox parameter strings
+  // protecting sandbox parameter strings
   if ((rc = prot_strings(ctx, cfg))) {
     goto end;
   }



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits