[tor-bugs] #29819 [Core Tor/Tor]: Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 16 18:34:56 UTC 2019
#29819: Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4
-----------------------------------+------------------------------------
Reporter: toralf | Owner: nickm
Type: defect | Status: assigned
Priority: Medium | Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: crash, linux, sandbox | Actual Points:
Parent ID: | Points: 0.2
Reviewer: | Sponsor:
-----------------------------------+------------------------------------
Comment (by pege):
Looks like Tor used libseccomp in a way it was never intended to be used.
See
[https://github.com/seccomp/libseccomp/issues/148#issuecomment-482796234
this comment] and the
[https://github.com/seccomp/libseccomp/issues/148#issuecomment-483057151
response here].
Nickm, I think you know the Sandbox better than I do. Where do we go from
here? I'd say we just return EPERM whenever we want to deny access. I'd
expect this to be least likely to introduce any regressions. If we just
fail with SIGSYS, this is likely to break on one system or another. On
Fedora, at least OpenSSL attemps to open file that's not allowed, namely,
`/etc/crypto-policies/back-ends/openssl.config`. We can always decide to
switch to SYSSIG later on, after thorough testing but I think first we
should make sure no more installations break because of a libseccomp
v2.4.0 upgrade.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29819#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list