[tor-bugs] #9249 [Tor]: GSOC seccomp stage 2
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 11 18:12:08 UTC 2013
#9249: GSOC seccomp stage 2
-----------------------------+--------------------------------------------
Reporter: ctoader | Owner: nickm
Type: enhancement | Status: needs_revision
Priority: normal | Milestone:
Component: Tor | Version:
Resolution: | Keywords: tor-relay gsoc seccomp sandbox
Actual Points: | Parent ID: #5756
Points: |
-----------------------------+--------------------------------------------
Comment (by nickm):
Replying to [comment:16 nickm]:
> But hm. What happens if somebody tries to mprotect the page right
before immediately before the mapping, and they give a bunch of pages that
includes the mapping, as in "mprotect(pr_mem_base - 4096, 8192,
PROT_READ|PROT_WRITE)" ?
>
>
> (What exactly is it that needs to do mprotect(PROT_READ|PROT_WRITE)? I
think it is malloc/arena.c in glibc.)
It appears that the largest arena that glibc will allocate now is 1 MB
long. So I believe that we could kludge our way around this by mmaping a
region that is 1MB larger than we need, putting our constant data at the
end of it, and forbidding any attempt to mprotect(PROT_READ|PROT_WRITE)
more than 1MB of data.
Is there a better kludge?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9249#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list