[torsocks/master] Fix: switch back to a syscall whitelist scheme

commit a9ed7e3bb4c081f4cf39ece91027f1c9b6f099f2 Author: David Goulet <dgoulet@ev0ke.net> Date: Mon Jan 19 11:59:41 2015 -0500 Fix: switch back to a syscall whitelist scheme syscall() can't take a va_list so we can't forward every non dangerous syscall using the libc syscall() thus having to deny non supported ones. It's a bit sad but I have no other solution for that. Please let me know if anyone comes up with one! :) Signed-off-by: David Goulet <dgoulet@ev0ke.net> --- src/lib/syscall.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/lib/syscall.c b/src/lib/syscall.c index 96016bb..ec10000 100644 --- a/src/lib/syscall.c +++ b/src/lib/syscall.c @@ -229,8 +229,14 @@ LIBC_SYSCALL_RET_TYPE tsocks_syscall(long int number, va_list args) ret = handle_recvmsg(args); break; default: - /* Safe to call the libc syscall function. */ - ret = tsocks_libc_syscall(number, args); + /* + * Because of the design of syscall(), we can't pass a va_list to it so + * we are constraint to use a whitelist scheme and denying the rest. + */ + WARN("[syscall] Unsupported syscall number %ld. Denying the call", + number); + ret = -1; + errno = ENOSYS; break; } @@ -297,8 +303,8 @@ LIBC___SYSCALL_RET_TYPE tsocks___syscall(quad_t number, va_list args) break; default: /* - * Deny call since we have no idea if this call can leak or not data - * off the Tor network. + * Because of the design of syscall(), we can't pass a va_list to it so + * we are constraint to use a whitelist scheme and denying the rest. */ WARN("[syscall] Unsupported __syscall number %ld. Denying the call", number);
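Review bot: In the new default branch of tsocks_syscall(), the comment reads "we are constraint to use a whitelist scheme and denying the rest"; it should read "we are constrained to use a whitelist scheme and deny the rest". Every number not handled by a case above now returns -1 with errno set to ENOSYS, so the comment or the WARN text should also say where the list of supported syscalls is documented, because a caller cannot tell a torsocks denial from a kernel that lacks the call. Assigning errno after WARN() is the right order, since the logging call could otherwise overwrite it. If tsocks_libc_syscall() has no other callers once this line is removed, remove the function as well.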
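Review bot: The rewritten comment in the default branch of tsocks___syscall() drops the security reason for the deny ("we have no idea if this call can leak or not data off the Tor network") and keeps only the va_list limitation. Keep both sentences, so the reason for failing closed stays next to the code that does it. The same "constraint ... and denying" wording as in the first hunk needs fixing here. Separately, the unchanged WARN below formats number with %ld while the parameter is declared quad_t; cast the argument or use a matching format so the logged syscall number is correct on platforms where quad_t is not long.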