Re: [tor-bugs] #18397 [Core Tor/Tor]: `Sandbox 1` in Tor 0.2.7.6 should not filter `getsockopt` syscall
#18397: `Sandbox 1` in Tor 0.2.7.6 should not filter `getsockopt` syscall
-------------------------------------------------+-------------------------
 Reporter:   fowlslegs                           | Owner:         nickm
 Type:       defect                              | Status:        needs_review
 Priority:   High                                | Milestone:     Tor: 0.2.???
 Component:  Core Tor/Tor                        | Version:       Tor: 0.2.7.6
 Severity:   Major                               | Resolution:
 Keywords:   seccomp, sandbox, getsockopt,       | Actual Points:
             027-backport                        | Points:
 Parent ID:                                      | Sponsor:
 Reviewer:                                       |
-------------------------------------------------+-------------------------
Changes (by Jigsaw52):
* status: needs_information => needs_review
Comment:
I've written the patch. It is available on GitHub:
https://github.com/Jigsaw52/tor/tree/seccomp-fix-18397
The patch changes the sandbox filter to allow the following when built
with systemd:
- getsockopt with SOL_SOCKET and SO_SNDBUF as arguments
- setsockopt with SOL_SOCKET and SO_SNDBUFFORCE
These calls are used by the systemd sd_notify function.
It also allows the sysinfo syscall as the libc qsort function uses it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18397#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
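
The comment above describes a sandbox rule that permits getsockopt only for particular argument values. As an added example (not part of the original message, and not the code from the linked branch), this raw seccomp-BPF filter shows that kind of argument-level rule and checks it in a child process. The names `rules`, `ARG_LO` and `sandbox_demo`, the AF_UNIX test socket, the EPERM refusal and the allow-everything-else default are assumptions made for the demo; Linux on little-endian x86-64 or aarch64 is assumed.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Low 32 bits of syscall argument n (little-endian layout assumed). */
#define ARG_LO(n) (offsetof(struct seccomp_data, args) + 8 * (n))

/* Constructed demo filter: getsockopt passes only for (SOL_SOCKET, SO_SNDBUF),
 * any other getsockopt fails with EPERM, every other syscall is allowed.
 * A production allowlist also checks seccomp_data.arch and denies by default. */
static struct sock_filter rules[] = {
  BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
  BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_getsockopt, 0, 4),
  BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(1)),           /* level   */
  BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SOL_SOCKET, 0, 3),
  BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(2)),           /* optname */
  BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SO_SNDBUF, 0, 1),
  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
};

/* Installs the filter in a forked child so the caller stays unfiltered.
 * Returns 0 when SO_SNDBUF is allowed and SO_RCVBUF is refused with EPERM. */
int sandbox_demo(void) {
  int status;
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    struct sock_fprog prog = { (unsigned short)(sizeof(rules) / sizeof(rules[0])), rules };
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0), val = 0;
    socklen_t len = sizeof(val);
    if (fd < 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) _exit(2);
    if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) != 0) _exit(3);
    len = sizeof(val);
    if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) != -1 || errno != EPERM) _exit(4);
    _exit(0);
  }
  if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
  return WEXITSTATUS(status);
}

int main(void) { return sandbox_demo(); }
```

A non-zero return identifies the step that failed: 2 for filter installation, 3 for the permitted call, 4 for the call that should have been refused.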