[tor-bugs] #22605 [Core Tor/Tor]: sandbox_intern_string(): Bug: No interned sandbox parameter found for /etc/tor/torrc.d/

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 2 00:20:17 UTC 2017


#22605: sandbox_intern_string(): Bug: No interned sandbox parameter found for
/etc/tor/torrc.d/
---------------------------------+------------------------------------
 Reporter:  toralf               |          Owner:  dgoulet
     Type:  defect               |         Status:  accepted
 Priority:  High                 |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor         |        Version:  Tor: 0.3.1.3-alpha
 Severity:  Normal               |     Resolution:
 Keywords:  sandbox, regression  |  Actual Points:
Parent ID:                       |         Points:
 Reviewer:                       |        Sponsor:
---------------------------------+------------------------------------

Comment (by Jigsaw52):

 I'm having some problems fixing this one. I tried to change the sandbox
 code to allow adding more filters at runtime but it seems that the rules
 added after the initial seccomp initialization are being ignored.

 More specifically, the problem I am having is the following (I am using
 the example in the above comments):
 1. When the config is reloaded, the filter that allows opening
 /etc/tor/torrc.d/ appears to be installed correctly (sb_open adds the
 filter to the context and seccomp_load returns 0 when loading the context).
 2. However, when open is called with /etc/tor/torrc.d/, the process is
 still killed.
 3. I've checked the value of the pointer to the "/etc/tor/torrc.d/" string
 and it is the same on sb_open when the rule is added and on the
 tor_listdir function, where opendir is called, which then calls the open
 syscall.

 I believe the problem is related to adding filters after the initial
 seccomp initialization.
 It would be great if someone who has some understanding of the sandbox
 code and libseccomp could take a look at this too.

 My code is in this branch:
 https://github.com/Jigsaw52/tor/tree/fix-torrcd-sandbox-22605

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22605#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
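
An added example (not code from Tor or from the branch linked above) of the Linux seccomp behaviour relevant to the symptom in the comment: installed filters stack, every one is evaluated on each syscall, and the most restrictive action wins, so a filter loaded later cannot re-allow what an earlier one denies. Whether this is the cause of #22605 is not established on this page. Assumptions made for the demo: raw BPF through prctl() instead of libseccomp, getppid as a stand-in syscall, and an EPERM action instead of a kill so the outcome can be observed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Install one more BPF filter on top of whatever is already loaded. */
static int install(struct sock_filter *f, unsigned short n) {
    struct sock_fprog prog = { .len = n, .filter = f };
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Returns 1 if getppid is still denied after a second, allow-all filter is
 * loaded; 0 if it was allowed; -1 if seccomp cannot be used here. */
int denied_after_second_filter(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Filter 1 (the "initial" sandbox): deny getppid, allow the rest.
         * EPERM replaces a kill action so the child can report the result.
         * Architecture check omitted for brevity (demo assumption). */
        struct sock_filter first[] = {
            BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
            BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_getppid, 0, 1),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        };
        /* Filter 2 (the "runtime" addition): allow everything. */
        struct sock_filter second[] = { BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) };
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || install(first, 4) || install(second, 1))
            _exit(2);
        errno = 0;
        long r = syscall(SYS_getppid);
        _exit(r == -1 && errno == EPERM ? 1 : 0);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 2) return -1;
    return WEXITSTATUS(st);
}

int main(void) {
    printf("still denied after second filter: %d\n", denied_after_second_filter());
    return 0;
}
```

Both prctl() calls succeed, which matches a load step that returns 0, yet the earlier filter's verdict still applies to the syscall.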