Re: [tor-bugs] #22692 [Applications/Tor Browser]: Backport Linux content sandboxing from Firefox 54
#22692: Backport Linux content sandboxing from Firefox 54
-------------------------------------------------+-------------------------
 Reporter:  jld                                  |          Owner:  tbb-team
     Type:  enhancement                          |         Status:  new
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  TorBrowserTeam201708,                |  Actual Points:
            GeorgKoppen201708                    |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Applying all of the patches (or just the non-optional ones according to
comment:description) leads to crashes pretty easily (e.g. on
www.theguardian.com). However, that does not seem to be caused by Firefox
but rather by selfrando. Before crashing I see something like
{{{
Sandbox: seccomp sandbox violation: pid 5231, tid 5231, syscall 25, args 140268925878272 135 199 1 0 18446744073709551612
}}}
in my terminal which is not happening without selfrando. I guess selfrando
is not happy about its `mremap` getting blocked by the sandbox? The
accompanying stack trace of the content process crash is:
{{{
#0 0x00007f5862230fa6 in Vector<unsigned char*>::append(unsigned char*
const&) (val=<synthetic pointer>: <optimized out>, this=0x7fffffffbd30)
at src/RandoLib/RandoLib.h:129
#1 0x00007f5862230fa6 in os::Module::<lambda(const
trap_reloc_t&)>::operator() (trap_reloc=<synthetic pointer>...,
__closure=<synthetic pointer>)
at src/RandoLib/posix/OSImpl.cpp:641
#2 0x00007f5862230fa6 in
TrapInfo::for_all_relocations<os::Module::read_got_relocations(const
TrapInfo*)::<lambda(const trap_reloc_t&)> >(os::Module::<lambda(const
trap_reloc_t&)>) const (this=this@entry=0x7fffffffbc30, func=...,
func@entry=...)
at src/TrapInfo/TrapInfo.h:672
#3 0x00007f58622321ec in os::Module::read_got_relocations(TrapInfo
const*) (this=this@entry=0x7fffffffbcb0,
trap_info=trap_info@entry=0x7fffffffbc30)
at src/RandoLib/posix/OSImpl.cpp:642
#4 0x00007f58622326dc in os::Module::for_all_exec_sections(bool, void
(*)(os::Module const&, os::Module::Section const&, TrapInfo&, bool,
void*), void*) (this=0x7fffffffbcb0, self_rando=true,
callback=0x7f586222e580 <randomize_exec_section(os::Module const&,
os::Module::Section const&, TrapInfo&, bool, void*)>, callback_arg=0x0)
at src/RandoLib/posix/OSImpl.cpp:422
#5 0x00007f586222e750 in RandoMain(os::Module::Handle)
(asm_module=0x7fffffffbd70)
at src/RandoLib/RandoLib.cpp:599
#6 0x00007f58622359cb in Linux_EntryPointImpl ()
at src/RandoLib/posix/EntryPoint.c:70
#7 0x00007f5862235883 in _TRaP_Linux_EntryPoint_init ()
at /home/thomas/Arbeit/Tor/debugging/22692/tor-browser_en-
US/Browser/libmozavutil.so
#8 0x00007f5862210748 in ()
at /home/thomas/Arbeit/Tor/debugging/22692/tor-browser_en-
US/Browser/libmozavutil.so
#9 0x0000000000000009 in ()
#10 0x00007fffffffddf8 in ()
#11 0x00007f589240385a in call_init (l=0x7f5862182800, argc=-16824,
argc@entry=9, argv=argv@entry=0x7fffffffdda8,
env=env@entry=0x7fffffffddf8)
at dl-init.c:58
#12 0x00007f58924039ab in call_init (env=0x7fffffffddf8,
argv=0x7fffffffdda8, argc=9, l=<optimized out>) at dl-init.c:30
#13 0x00007f58924039ab in _dl_init
(main_map=main_map@entry=0x7f5862182800, argc=9, argv=0x7fffffffdda8,
env=0x7fffffffddf8) at dl-init.c:120
#14 0x00007f5892407f58 in dl_open_worker (a=a@entry=0x7fffffffc100)
at dl-open.c:575
#15 0x00007f5892403744 in _dl_catch_error
(objname=objname@entry=0x7fffffffc0f0,
errstring=errstring@entry=0x7fffffffc0f8,
mallocedp=mallocedp@entry=0x7fffffffc0ef,
operate=operate@entry=0x7f5892407b70 <dl_open_worker>,
args=args@entry=0x7fffffffc100)
at dl-error.c:187
#16 0x00007f5892407709 in _dl_open (file=0x7f58607fb820
"/home/thomas/Arbeit/Tor/debugging/22692/tor-browser_en-
US/Browser/libmozavutil.so", mode=-2147483646,
caller_dlopen=0x7f589257fb9d <PR_dtoa+3405>, nsid=-2, argc=<optimized
out>, argv=<optimized out>, env=0x7fffffffddf8) at dl-open.c:660
#17 0x00007f588be8cee9 in dlopen_doit (a=a@entry=0x7fffffffc330) at
dlopen.c:66
#18 0x00007f5892403744 in _dl_catch_error (objname=0x7f58835531f0,
errstring=0x7f58835531f8, mallocedp=0x7f58835531e8, operate=0x7f588be8ce90
<dlopen_doit>, args=0x7fffffffc330) at dl-error.c:187
#19 0x00007f588be8d531 in _dlerror_run
(operate=operate@entry=0x7f588be8ce90 <dlopen_doit>,
args=args@entry=0x7fffffffc330) at dlerror.c:163
#20 0x00007f588be8cf82 in __dlopen (file=<optimized out>, mode=<optimized
out>)
at dlopen.c:87
#21 0x00007f589257fb9d in dtoa (rve=0x7f5800000000, sign=<optimized out>,
decpt=
0x7f588ec072a1 <ShowCustomDialog(GtkComboBox*, gpointer)+1056>,
ndigits=-1884013950, mode=32600, dd=<optimized out>)
at /home/debian/build/tor-browser/nsprpub/pr/src/misc/prdtoa.c:3215
#22 0x00007f589257fb9d in PR_dtoa (d=<optimized out>, mode=32600,
ndigits=<optimized out>, decpt=0x7f588ec072a1
<ShowCustomDialog(GtkComboBox*, gpointer)+1056>, sign=<optimized out>,
rve=0x7f5800000000, buf=0x7f5800000000 <error: Cannot access memory at
address 0x7f5800000000>, bufsize=0)
at /home/debian/build/tor-browser/nsprpub/pr/src/misc/prdtoa.c:3411
#23 0x0000000100000050 in ()
#24 0x0000000000000000 in ()
}}}
I'll contact the selfrando devs and meanwhile continue testing the patches
without selfrando compiled in.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22692#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
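
A triage helper for the violation line quoted in the comment above, added here as an example and not part of the original message, Firefox, or selfrando. It maps the syscall number to its x86_64 name and labels the `mremap` arguments; the x86_64 ABI is an assumption, and `decode_violation` is a hypothetical name.

```python
import re

# Constructed sample: the log line quoted in the comment, joined onto one line.
SAMPLE = ("Sandbox: seccomp sandbox violation: pid 5231, tid 5231, syscall 25, "
          "args 140268925878272 135 199 1 0 18446744073709551612")

# Subset of the Linux x86_64 syscall table covering memory-mapping calls.
# Assumption: the crashing build is x86_64.
X86_64_SYSCALLS = {9: "mmap", 10: "mprotect", 11: "munmap",
                   12: "brk", 25: "mremap", 28: "madvise"}

# mremap(2) flag bits from <linux/mman.h>.
MREMAP_FLAGS = {1: "MREMAP_MAYMOVE", 2: "MREMAP_FIXED", 4: "MREMAP_DONTUNMAP"}

# \s+ between fields so a line wrapped by a mail client still parses.
LINE_RE = re.compile(
    r"seccomp sandbox violation:\s+pid (\d+),\s+tid (\d+),\s+"
    r"syscall (\d+),\s+args((?:\s+\d+){6})")


def decode_violation(line):
    """Return a dict describing one violation line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    pid, tid, nr = (int(g) for g in m.groups()[:3])
    raw = [int(a) for a in m.group(4).split()]
    result = {"pid": pid, "tid": tid, "syscall_nr": nr,
              "syscall": X86_64_SYSCALLS.get(nr, "unknown"),
              "raw_args": raw}
    if result["syscall"] == "mremap":
        # mremap(old_address, old_size, new_size, flags[, new_address]);
        # the log prints all six argument registers, so any beyond the
        # ones mremap reads are leftover register contents.
        names = [n for bit, n in sorted(MREMAP_FLAGS.items()) if raw[3] & bit]
        result["args"] = {"old_address": hex(raw[0]),
                          "old_size": raw[1],
                          "new_size": raw[2],
                          "flags": "|".join(names) or "0"}
    return result


if __name__ == "__main__":
    print(decode_violation(SAMPLE))
```
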