[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/maint-0.2.7] Permit setrlimit, prlimit, prlimit64 calls.



commit 725e0c76e3df9d3ea4b861b3ff5279b23def4ef9
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Mon Mar 14 13:21:16 2016 -0400

    Permit setrlimit, prlimit, prlimit64 calls.
    
    We call setrlimit under some circumstances, and it can call prlimit
    and prlimit64 under the hood.
    
    Fixes bug 15221.
---
 changes/bug15221     | 4 ++++
 src/common/sandbox.c | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/changes/bug15221 b/changes/bug15221
new file mode 100644
index 0000000..ed72309
--- /dev/null
+++ b/changes/bug15221
@@ -0,0 +1,4 @@
+  o Minor bugfixes (sandbox):
+    - Allow the setrlimit syscall, and the prlimit and prlimit64 syscalls,
+      which some libc implementations
+      use under the hood.  Fixes bug 15221.  Bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 950a92f..bcbb3ce 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -177,11 +177,20 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(mmap),
 #endif
     SCMP_SYS(munmap),
+#ifdef __NR_prlimit
+    SCMP_SYS(prlimit),
+#endif
+#ifdef __NR_prlimit64
+    SCMP_SYS(prlimit64),
+#endif
     SCMP_SYS(read),
     SCMP_SYS(rt_sigreturn),
     SCMP_SYS(sched_getaffinity),
     SCMP_SYS(sendmsg),
     SCMP_SYS(set_robust_list),
+#ifdef __NR_setrlimit
+    SCMP_SYS(setrlimit),
+#endif
 #ifdef __NR_sigreturn
     SCMP_SYS(sigreturn),
 #endif



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits