[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Fix startup crash with seccomp sandbox enabled #40072



commit eab8e7af522d18620450003667579eebaa339896
Author: Daniel Pinto <danielpinto52@xxxxxxxxx>
Date:   Wed Jul 29 00:34:08 2020 +0100

    Fix startup crash with seccomp sandbox enabled #40072
    
    Fix crash introduced in #40020. On startup, tor calls
    check_private_dir on the data and key directories. This function
    uses open instead of opendir on the received directory. Data and
    key directoryes are only opened here, so the seccomp rule added
    should be for open instead of opendir, despite the fact that they
    are directories.
---
 src/app/main/main.c       |  8 ++++++--
 src/lib/sandbox/sandbox.c | 10 +---------
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/src/app/main/main.c b/src/app/main/main.c
index aceba78cfc..3f35d4d23f 100644
--- a/src/app/main/main.c
+++ b/src/app/main/main.c
@@ -1008,8 +1008,10 @@ sandbox_init_filter(void)
     OPEN_DATADIR2(name, name2 suffix);                  \
   } while (0)
 
+// KeyDirectory is a directory, but it is only opened in check_private_dir
+// which calls open instead of opendir
 #define OPEN_KEY_DIRECTORY() \
-  OPENDIR(options->KeyDirectory)
+  OPEN(options->KeyDirectory)
 #define OPEN_CACHEDIR(name)                      \
   sandbox_cfg_allow_open_filename(&cfg, get_cachedir_fname(name))
 #define OPEN_CACHEDIR_SUFFIX(name, suffix) do {  \
@@ -1023,7 +1025,9 @@ sandbox_init_filter(void)
     OPEN_KEYDIR(name suffix);                    \
   } while (0)
 
-  OPENDIR(options->DataDirectory);
+  // DataDirectory is a directory, but it is only opened in check_private_dir
+  // which calls open instead of opendir
+  OPEN(options->DataDirectory);
   OPEN_KEY_DIRECTORY();
 
   OPEN_CACHEDIR_SUFFIX("cached-certs", ".tmp");
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index 1903da70e8..2f26c5429b 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -657,15 +657,7 @@ sb_opendir(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 
     if (param != NULL && param->prot == 1 && param->syscall
         == PHONY_OPENDIR_SYSCALL) {
-      if (libc_uses_openat_for_opendir()) {
-        rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
-            SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
-            SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value),
-            SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|O_NONBLOCK|O_LARGEFILE|
-                O_DIRECTORY|O_CLOEXEC));
-      } else {
-        rc = allow_file_open(ctx, 0, param->value);
-      }
+      rc = allow_file_open(ctx, libc_uses_openat_for_opendir(), param->value);
       if (rc != 0) {
         log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
             "libseccomp error %d", rc);



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits