Re: [tor-bugs] #24400 [Core Tor/Tor]: Seccomp filter incorrectly tries to act on strings, allowing sandbox bypass
#24400: Seccomp filter incorrectly tries to act on strings, allowing sandbox bypass
--------------------------+------------------------------------
Reporter: Sebastian | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Major | Resolution:
Keywords: sandbox | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by cypherpunks):
>It's sure not very clean code, though, and I can believe that there are
>ways around it that we don't know about. How does the brk() bypass work
>here? What are the other bypasses that we should know about?
I saw a demonstration when I proposed this idea to... I think it was
TheJH? I'd have to ask again to remember the details.
>(and android?)
Android works the same way as vanilla Linux in this respect.
>In the shorter term, we could remove the logic that tries to list all the
>files and only permit those, and instead permit open, openat, rename, etc
>more generally, if there's a benefit to that.
While removal would fix some bugs, it still provides (I think) benefit for
systems with PaX MPROTECT, since that prevents making rx pages writable
(such as `.text`).
>We should also figure out what timeframe we can do the "right" solution
>on.
This is an issue for many projects, so there is effort to remedy this
(e.g. with an LSM). It might be best for the "right" solution to use that
when it comes out. Having a separate process or greatly reworking the
architecture of Tor doesn't seem likely.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24400#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
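
The point in the ticket title, as an added example that is not part of the original message and is not Tor's sandbox code: a seccomp-BPF filter sees only the raw syscall argument words, so a rule that "permits a file" actually compares a pointer value and never reads the string behind it. It assumes Linux on a little-endian 64-bit target; `allowed_path`, `probe_in_child` and `pointer_rule_result` are hypothetical names, and `/` is a constructed sample path.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

static char allowed_path[] = "/";  /* constructed sample path */

/* Child: allow openat only when args[1] equals the ADDRESS of allowed_path.
 * Arch check omitted for brevity; word order assumes little-endian. */
static int probe_in_child(void) {
    uint64_t p = (uint64_t)(uintptr_t)allowed_path;
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_openat, 0, 4),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)p, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1]) + 4),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)(p >> 32), 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EACCES),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    char *copy = strdup(allowed_path);  /* same bytes, different address */
    if (!copy || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
        return 0x80;                    /* could not install the filter */
    long same = syscall(SYS_openat, AT_FDCWD, allowed_path, O_RDONLY);
    long diff = syscall(SYS_openat, AT_FDCWD, copy, O_RDONLY);
    return (same >= 0 ? 1 : 0) | ((diff < 0 && errno == EACCES) ? 2 : 0);
}

/* Bit 0: listed pointer allowed. Bit 1: equal string elsewhere denied. */
int pointer_rule_result(void) {
    pid_t pid = fork();
    int st;
    if (pid == 0) _exit(probe_in_child());
    if (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

int main(void) { printf("result bits: %d\n", pointer_rule_result()); return 0; }
```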