[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #29819 [Core Tor/Tor]: Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4
#29819: Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4
-----------------------------------+------------------------------------
Reporter: toralf | Owner: nickm
Type: defect | Status: assigned
Priority: Medium | Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: crash, linux, sandbox | Actual Points:
Parent ID: | Points: 0.2
Reviewer: | Sponsor:
-----------------------------------+------------------------------------
Comment (by pege):
Looks like Tor used libseccomp in a way it was never intended to be used.
See
[https://github.com/seccomp/libseccomp/issues/148#issuecomment-482796234
this comment] and the
[https://github.com/seccomp/libseccomp/issues/148#issuecomment-483057151
response here].
Nickm, I think you know the Sandbox better than I do. Where do we go from
here? I'd say we just return EPERM whenever we want to deny access. I'd
expect this to be least likely to introduce any regressions. If we just
fail with SIGSYS, this is likely to break on one system or another. On
Fedora, at least OpenSSL attemps to open file that's not allowed, namely,
`/etc/crypto-policies/back-ends/openssl.config`. We can always decide to
switch to SYSSIG later on, after thorough testing but I think first we
should make sure no more installations break because of a libseccomp
v2.4.0 upgrade.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29819#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs