[tor-bugs] #22794 [Applications/Tor Browser]: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured.

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 23 12:25:23 UTC 2018


#22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured.
-------------------------------------------------+-------------------------
 Reporter:  yawning                              |          Owner:  pospeselr
     Type:  defect                               |         Status:  assigned
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-security, tbb-sandboxing,        |  Actual Points:
  TorBrowserTeam201801                           |
Parent ID:  #20775                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by yawning):

 Apparently someone really wanted to be able to see this with seccomp, so I
 attached a trivial program that uses libseccomp to initialize a filter
 that will reject `socket(AF_INET[6], ..., ...)` by SIGSYSing the thread.

 Usage:

  1. Compile it.
  2. Set the required env vars to get Tor Browser to talk to an external tor
     process over AF_UNIX sockets.
  3. Run it from the root of a tor browser installation (It calls
     `system("Browser/start-tor-browser");` because it's a trivial test case
     and I'm lazy).
  4. Watch in horror as nothing works.
  5. Run it with strace to see the socket thread traces ending abruptly
     with `+++ killed by SIGSYS +++`.

 The control port appears to work, but any attempt to use the socks port
 gets stomped on, so I'm basically convinced that the root cause is the
 non-`AF_INET` socket support in `nsSOCKSIOLayer` being a steaming pile of
 shit.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22794#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
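
A filter of the kind the comment above describes, as an added example that is not the program attached to the ticket: it uses raw seccomp-BPF through `prctl` rather than libseccomp, and the names `deny_inet_sockets` and `probe_family` are chosen here. It assumes Linux on a little-endian ABI where `socket()` is a direct syscall (x86-64, aarch64), and it probes the filter in a forked child instead of launching the browser.

```c
#include <signal.h>
#include <stddef.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Added example (not the ticket's attachment): raw seccomp-BPF, no libseccomp.
 * Kills the calling thread with SIGSYS on socket(AF_INET|AF_INET6, ...).
 * Assumes a little-endian ABI where socket() is a direct syscall (x86-64,
 * aarch64); a production filter would also check seccomp_data.arch. */
static int deny_inet_sockets(void)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 4), /* else allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_INET, 1, 0),     /* match: kill */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_INET6, 0, 1),    /* else allow */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(insns) / sizeof(insns[0]), .filter = insns };
    /* Required so an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork, apply the filter in the child, then try socket(family, SOCK_STREAM, 0).
 * Returns the fatal signal number, 0 if the socket opened, -1 otherwise. */
static int probe_family(int family)
{
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) {
        if (deny_inet_sockets() != 0)
            _exit(2);
        _exit(socket(family, SOCK_STREAM, 0) >= 0 ? 0 : 1);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : (WEXITSTATUS(status) ? -1 : 0);
}

/* Exit 0 when AF_INET is killed with SIGSYS and AF_UNIX still works. */
int main(void) { return !(probe_family(AF_INET) == SIGSYS && probe_family(AF_UNIX) == 0); }
```

Running the binary under `strace -f` shows the child's trace ending with the same `+++ killed by SIGSYS +++` line the comment mentions.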

