[tor-commits] [sandboxed-tor-browser/master] Add a filter for the mmap() args to the tor seccomp whitelist.
yawning at torproject.org
yawning at torproject.org
Mon Nov 28 18:32:27 UTC 2016
commit 676ccd7b294ef20146f9169693d10a54fc2b6d73
Author: Yawning Angel <yawning at schwanenlied.me>
Date: Mon Nov 28 18:31:49 2016 +0000
Add a filter for the mmap() args to the tor seccomp whitelist.
---
data/tor-whitelist.seccomp | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/data/tor-whitelist.seccomp b/data/tor-whitelist.seccomp
index 35e35db..8433e3f 100644
--- a/data/tor-whitelist.seccomp
+++ b/data/tor-whitelist.seccomp
@@ -85,14 +85,17 @@ getsockopt: arg1 == SOL_SOCKET && arg2 == SO_ERROR
# XXX: src/common/compat.c:tor_socketpair looks like it uses SOCK_CLOEXEC,
# but according to strace, fcntl is used to actually set the flag (6.0.6).
socketpair: arg0 == PF_LOCAL && (arg1 == SOCK_STREAM || arg1 == SOCK_STREAM | SOCK_CLOEXEC)
+# XXX/yawning: Tor doesn't have filters for this, but does for mmap2, but mmap2
+# is an x86-ism, so can't filter args.
+#
+# (PROT_READ|PROT_EXEC, MAP_PRIVATE | MAP_DENYWRITE) is needed for ld-linux.so
+mmap: (arg2 == PROT_READ && arg3 == MAP_PRIVATE) || (arg2 == PROT_NONE && arg3 == MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE) || (arg2 == PROT_READ | PROT_WRITE && ((arg3 == MAP_PRIVATE | MAP_ANONYMOUS) || (arg3 == MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK) || (arg3 == MAP_PRIVATE | MAP_FIXED | MAP_DENYWRITE) || (arg3 == MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS) || (arg3 == MAP_PRIVATE | MAP_DENYWRITE))) || (arg2 == PROT_READ | PROT_EXEC && arg3 == MAP_PRIVATE | MAP_DENYWRITE)
# System calls that tor has filters for, that we do not due to:
# * Yawning being too dumb/lazy to convert the rules (accept4, mmap2,
# rt_sigaction).
-# * Tor has a comment to filter, but doesn't yet (mmap).
rt_sigaction: 1
accept4: 1
-mmap: 1
# mmap2: 1
# fcntl64: 1
More information about the tor-commits
mailing list