[tor-bugs] #18397 [Core Tor/Tor]: `Sandbox 1` in Tor 0.2.7.6 should not filter `getsockopt` syscall
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 5 22:39:15 UTC 2016
#18397: `Sandbox 1` in Tor 0.2.7.6 should not filter `getsockopt` syscall
-------------------------------------------------+-------------------------
Reporter: fowlslegs | Owner: nickm
Type: defect | Status:
Priority: High | needs_information
Component: Core Tor/Tor | Milestone: Tor:
Severity: Major | 0.2.???
Keywords: seccomp, sandbox, getsockopt, | Version: Tor:
027-backport | 0.2.7.6
Parent ID: | Resolution:
Reviewer: | Actual Points:
| Points:
| Sponsor:
-------------------------------------------------+-------------------------
Comment (by Jigsaw52):
More information:
As mentioned in the comments above, the issue only happens when starting
the daemon with systemd. Running it on the console works fine.
I used strace to get a log of system calls from both the systemd started
execution and the console started execution. I've attached both log files.
Execution seems similar until lines 1719 (console) and 1725 (systemd).
From that point onwards, execution differs and soon we see the crash in
the systemd execution.
Also, I am unable to reproduce the problem when I compile this version
(compiled from git tag tor-0.2.7.6) on the affected machine. The newly
compiled binary runs fine when started by systemd. Only the binary that
comes with Ubuntu crashes.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18397#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list