[tor-bugs] #24400 [Core Tor/Tor]: Seccomp filter incorrectly tries to act on strings, allowing sandbox bypass

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 4 08:37:16 UTC 2017


#24400: Seccomp filter incorrectly tries to act on strings, allowing sandbox bypass
--------------------------+------------------------------------
 Reporter:  Sebastian     |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Major         |     Resolution:
 Keywords:  sandbox       |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by cypherpunks):

 It seems like trying to set things like `SocksPort` to a UNIX domain
 socket will cause Tor to crash due to this bug. The path is whitelisted at
 compile-time, so changing it results in a violation and a confusing error
 suggesting that the path may not be readable.

 Other affected parameters that are broken when the sandbox are in use
 include:

 `DirPortFrontPage`
 `ServerDNSResolvConfFile`
 `CookieAuthFile`
 `ExtORPortCookieAuthFile`

 And likely more.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24400#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list