[tor-bugs] #25440 [Core Tor/Tor]: Broken openat syscall in Sandbox mode

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 28 16:17:09 UTC 2018


#25440: Broken openat syscall in Sandbox mode
-------------------------------------------------+-------------------------
 Reporter:  ageisp0lis                           |          Owner:  nickm
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.3.3.3-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  sandbox, 033-must, regression,       |  Actual Points:
  033-triage-20180326, 033-included-20180326     |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by nickm):

 * status:  accepted => needs_information


Comment:

 Hi!  I've been staring at this for a few weeks, and I think we might
 actually have a way to progress.

 So, openat() has to be happening within the start_writing_to_file() in the
 stack, which is happening inside write_str_to_file() in or_state_save().
 And start_writing_to_file calls tor_open_cloexec, which always calls
 sandbox_intern_string().

 The sandbox_intern_string() function will log a warning if the string
 wasn't interned.  We didn't see that warning, so the string was indeed
 interned.

 Question 1: Can you tell me, what version of libc exactly does your system
 use?  I am wondering if maybe we have a problem in our implementation of
 libc_uses_openat_for_everything, which checks for a version later than
 2.26.

 Question 2: And if you're building Tor from source, could you attach the
 orconfig.h file that is generated when you run "configure" to build tor?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25440#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list