[tor-bugs] #24339 [Core Tor/Tor]: (Sandbox) Caught a bad syscall attempt (syscall mprotect)

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Nov 17 18:52:15 UTC 2017 

#24339: (Sandbox) Caught a bad syscall attempt (syscall mprotect)
--------------------------+------------------------------------
 Reporter:  dgoulet       |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  sandbox       |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Description changed by dgoulet:

Old description:

> Trace is:
> {{{
> /usr/lib/x86_64-linux-gnu/libasan.so.4(+0x558c0)[0x7f6e71f908c0]
> /lib/x86_64-linux-gnu/libc.so.6(mprotect+0x7)[0x7f6e6fa6ccf7]
> /lib/x86_64-linux-gnu/libpthread.so.0(+0x13150)[0x7f6e70a72150]
> /lib/x86_64-linux-gnu/libc.so.6(mprotect+0x7)[0x7f6e6fa6ccf7]
> /lib/x86_64-linux-
> gnu/libpthread.so.0(pthread_create+0x89b)[0x7f6e70a6737b]
> /usr/lib/x86_64-linux-
> gnu/libasan.so.4(pthread_create+0xf9)[0x7f6e71f72db9]
> git/tor/src/or/tor(spawn_func+0x117)[0x55673b5a52c7]
> git/tor/src/or/tor(threadpool_new+0x539)[0x55673b5a3499]
> git/tor/src/or/tor(cpu_init+0xb7)[0x55673b485917]
> git/tor/src/or/tor(do_main_loop+0x7fa)[0x55673b1a047a]
> git/tor/src/or/tor(tor_main+0x143d)[0x55673b1a579d]
> git/tor/src/or/tor(main+0x1c)[0x55673b1922bc]
> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f6e6f97f1c1]
> git/tor/src/or/tor(_start+0x2a)[0x55673b1940ba]
> }}}
>
> strace shows me:
>
> {{{
> 20085 mprotect(0x7f6e6b9bf000, 8388608, PROT_READ|PROT_WRITE) = 10
> 20085 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP,
> si_call_addr=0x7f6e6fa6ccf7, si_syscall=__NR_mprotect,
> si_arch=AUDIT_ARCH_X86_64} ---
> }}}
>
> Basically, our sandbox doesn't allow `PROT_WRITE`. Libc is 2.26.

New description:

 Trace is:
 {{{
 /usr/lib/x86_64-linux-gnu/libasan.so.4(+0x558c0)[0x7f6e71f908c0]
 /lib/x86_64-linux-gnu/libc.so.6(mprotect+0x7)[0x7f6e6fa6ccf7]
 /lib/x86_64-linux-gnu/libpthread.so.0(+0x13150)[0x7f6e70a72150]
 /lib/x86_64-linux-gnu/libc.so.6(mprotect+0x7)[0x7f6e6fa6ccf7]
 /lib/x86_64-linux-
 gnu/libpthread.so.0(pthread_create+0x89b)[0x7f6e70a6737b]
 /usr/lib/x86_64-linux-
 gnu/libasan.so.4(pthread_create+0xf9)[0x7f6e71f72db9]
 git/tor/src/or/tor(spawn_func+0x117)[0x55673b5a52c7]
 git/tor/src/or/tor(threadpool_new+0x539)[0x55673b5a3499]
 git/tor/src/or/tor(cpu_init+0xb7)[0x55673b485917]
 git/tor/src/or/tor(do_main_loop+0x7fa)[0x55673b1a047a]
 git/tor/src/or/tor(tor_main+0x143d)[0x55673b1a579d]
 git/tor/src/or/tor(main+0x1c)[0x55673b1922bc]
 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f6e6f97f1c1]
 git/tor/src/or/tor(_start+0x2a)[0x55673b1940ba]
 }}}

 strace shows me:

 {{{
 20085 mprotect(0x7f6e6b9bf000, 8388608, PROT_READ|PROT_WRITE) = 10
 20085 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP,
 si_call_addr=0x7f6e6fa6ccf7, si_syscall=__NR_mprotect,
 si_arch=AUDIT_ARCH_X86_64} ---
 }}}

 Basically, our sandbox doesn't allow `PROT_READ|PROT_WRITE`. Libc is 2.26.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24339#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list