[tor-bugs] #18397 [Core Tor/Tor]: `Sandbox 1` in Tor 0.2.7.6 should not filter `getsockopt` syscall
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jul 9 00:55:09 UTC 2016
#18397: `Sandbox 1` in Tor 0.2.7.6 should not filter `getsockopt` syscall
-------------------------------------------------+-------------------------
Reporter: fowlslegs | Owner: nickm
Type: defect | Status: needs_review
Priority: High | Milestone: Tor: 0.2.???
Component: Core Tor/Tor | Version: Tor: 0.2.7.6
Severity: Major | Resolution:
Keywords: seccomp, sandbox, getsockopt, 027-backport | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by Jigsaw52):
* status: needs_information => needs_review
Comment:
I've written the patch. It is available on GitHub:
https://github.com/Jigsaw52/tor/tree/seccomp-fix-18397
The patch changes the sandbox filter to allow the following when built
with systemd:
- getsockopt with SOL_SOCKET and SO_SNDBUF as arguments
- setsockopt with SOL_SOCKET and SO_SNDBUFFORCE
These calls are used by the systemd sd_notify function.
It also allows the sysinfo syscall as the libc qsort function uses it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18397#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
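
The argument-restricted rule described in the comment above (getsockopt permitted only with SOL_SOCKET and SO_SNDBUF), as an added example written against the raw kernel seccomp-BPF interface; it is not code from the patch or from Tor. The names `install_filter` and `probe` and the default-allow demo policy are assumptions of this example, which targets 64-bit little-endian Linux where getsockopt is its own syscall.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
/* Low 32 bits of syscall argument n (assumes a little-endian 64-bit ABI). */
#define ARG_LO(n) (offsetof(struct seccomp_data, args) + 8 * (n))

/* Demo policy, not Tor's: all syscalls pass except getsockopt, which passes
 * only with level SOL_SOCKET and optname SO_SNDBUF; anything else gets EPERM.
 * A production filter must also check seccomp_data.arch before trusting nr. */
static int install_filter(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getsockopt, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),   /* other syscalls */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(1)),  /* level */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SOL_SOCKET, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(2)),  /* optname */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SO_SNDBUF, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Child result: 0 = call allowed, errno = call refused, 100 = setup failed. */
int probe(int optname) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int fd = socket(AF_UNIX, SOCK_STREAM, 0), val = 0;
        socklen_t len = sizeof val;
        if (fd < 0 || install_filter() != 0) _exit(100);
        _exit(getsockopt(fd, SOL_SOCKET, optname, &val, &len) == 0 ? 0 : errno);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    return printf("%d %d\n", probe(SO_SNDBUF), probe(SO_RCVBUF)) < 0;
}
```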