[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #29819 [Core Tor/Tor]: Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4
#29819: Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4
-----------------------------------+------------------------------------
Reporter: toralf | Owner: nickm
Type: defect | Status: assigned
Priority: Medium | Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: crash, linux, sandbox | Actual Points:
Parent ID: | Points: 0.2
Reviewer: | Sponsor:
-----------------------------------+------------------------------------
Comment (by pege):
Short update. The issue initially reported
[https://github.com/seccomp/libseccomp/issues/148#issuecomment-480297770
is on the way of being resolved]. BPF is now generated correctly for the
`sigaction()` call mentioned in an earlier comment.
This fix, however, is not enough to get Tor working with libseccomp
v2.4.0. This version contains some major correction when it comes to BPF
generation. In particular, earlier versions could generate BPF code that
did not enforce all rules correctly. It would appear that PBF code was
indeed generated incorrectly in case of Tor which lead to some bugs in
Tor's sandbox implementation going unnoticed. In particular, file names
passed to `open()`, `openat()` and `rename()` appear to be affected.
[https://github.com/seccomp/libseccomp/issues/148#issuecomment-480386644
See my comment on libseccomps bug tracker]. Response from the libseccomp
maintainers is
[https://github.com/seccomp/libseccomp/issues/148#issuecomment-481309991 a
bit further down].
I'll look at Tor sandbox a bit closer on the weekend in the hope of coming
up with a way to deal with the issue. I guess we'll need some way of
making sure paths are stored at fixed memory locations by either computing
all the paths during compilation or during startup and then revoke write
permission somehow for that region of memory the contains them.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29819#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs