[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #29819 [Core Tor/Tor]: Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #29819 [Core Tor/Tor]: Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 07 Jun 2019 20:26:20 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 07 Jun 2019 16:26:29 -0400
In-reply-to: <046.367d57fc9cf12c2ad9132b777871a41c@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.367d57fc9cf12c2ad9132b777871a41c@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#29819: Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4
-----------------------------------+------------------------------------
 Reporter:  toralf                 |          Owner:  nickm
     Type:  defect                 |         Status:  assigned
 Priority:  Medium                 |      Milestone:  Tor: 0.4.0.x-final
Component:  Core Tor/Tor           |        Version:  Tor: unspecified
 Severity:  Normal                 |     Resolution:
 Keywords:  crash, linux, sandbox  |  Actual Points:
Parent ID:                         |         Points:  2-10
 Reviewer:                         |        Sponsor:
-----------------------------------+------------------------------------

Comment (by pege):

 pege -- the EPERM idea seems plausible, if it works. Do you have time to
 try it out?

 I should have some time to try this this weekend. I'll let you know how it
 is going.

    Otherwise, the only workable idea I can think of is to rearchitect how
 we handle filesystem interactions in the sandbox. We should really have an
 trusted unsandboxed process whose job it is to open files for the main
 process, and pass them back over a pipe. This would let us support more
 sandboxing techniques, and allow us to throw out our immutable-string
 hacks. It would be a lot of work though, and I don't see where we have
 time to do it in our current roadmap.

 Moving file handling to some kind of broker running in an unsandboxed
 process is the proper solution here I'd say but that'll take some time.
 Let's see how EPERM works out first. The only issue I can see with the
 sandbox is that `mmap()`ing files to save memory will no longer be
 possible. Consider the security benefit, it's probably a minor issue
 though.

 I wonder if there isn't some third party library for creating a broker,
 handling permissions and passing content to the sandboxed process. If not,
 I'm thinking this could make a good project for introducing some more
 Rust. I guess the broker itself could be written in Rust completely.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29819#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #29100 [Core Tor/Fallback Scripts]: Update src/app/config/fallback_dirs.inc to ../tor/src/app/config/fallback_dirs.inc post-split
Next by Author: Re: [tor-bugs] #30927 [Applications/Tor Browser]: Tor Browser on Windows does not respond to play/pause buttons while playing media.
Previous by thread: Re: [tor-bugs] #30235 [Core Tor/Stem]: Stem hangs waiting for control port data
Next by thread: Re: [tor-bugs] #30700 [Core Tor/Stem]: Tor's Travis stem job shows debug logs from 10 minutes after the hang
Index(es):
- Author
- Thread