[tor-bugs] #24339 [Core Tor/Tor]: (Sandbox) Caught a bad syscall attempt (syscall mprotect)

Fri Nov 17 18:50:44 UTC 2017

#24339: (Sandbox) Caught a bad syscall attempt (syscall mprotect)
------------------------------+--------------------------------
     Reporter:  dgoulet       |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.3.2.x-final
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  sandbox
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------------
 Trace is:
 {{{
 /usr/lib/x86_64-linux-gnu/libasan.so.4(+0x558c0)[0x7f6e71f908c0]
 /lib/x86_64-linux-gnu/libc.so.6(mprotect+0x7)[0x7f6e6fa6ccf7]
 /lib/x86_64-linux-gnu/libpthread.so.0(+0x13150)[0x7f6e70a72150]
 /lib/x86_64-linux-gnu/libc.so.6(mprotect+0x7)[0x7f6e6fa6ccf7]
 /lib/x86_64-linux-
 gnu/libpthread.so.0(pthread_create+0x89b)[0x7f6e70a6737b]
 /usr/lib/x86_64-linux-
 gnu/libasan.so.4(pthread_create+0xf9)[0x7f6e71f72db9]
 git/tor/src/or/tor(spawn_func+0x117)[0x55673b5a52c7]
 git/tor/src/or/tor(threadpool_new+0x539)[0x55673b5a3499]
 git/tor/src/or/tor(cpu_init+0xb7)[0x55673b485917]
 git/tor/src/or/tor(do_main_loop+0x7fa)[0x55673b1a047a]
 git/tor/src/or/tor(tor_main+0x143d)[0x55673b1a579d]
 git/tor/src/or/tor(main+0x1c)[0x55673b1922bc]
 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f6e6f97f1c1]
 git/tor/src/or/tor(_start+0x2a)[0x55673b1940ba]
 }}}

 strace shows me:

 {{{
 20085 mprotect(0x7f6e6b9bf000, 8388608, PROT_READ|PROT_WRITE) = 10
 20085 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP,
 si_call_addr=0x7f6e6fa6ccf7, si_syscall=__NR_mprotect,
 si_arch=AUDIT_ARCH_X86_64} ---
 }}}

 Basically, our sandbox doesn't allow `PROT_WRITE`. Libc is 2.26.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24339>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online