[tor-commits] [tor/master] Change the sandbox behavior on all failed opens() to EACCES
nickm at torproject.org
nickm at torproject.org
Wed Jan 31 20:53:44 UTC 2018
commit 9a06282546418b2e9d21559d4853bcf124b953f4
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Jan 26 12:18:43 2018 -0500
Change the sandbox behavior on all failed opens() to EACCES
Previously, most disallowed open(O_RDONLY) attempts would fail with EACCES,
but others would fail with a crash.
---
changes/bug16106 | 6 ++++++
src/common/sandbox.c | 8 ++------
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/changes/bug16106 b/changes/bug16106
new file mode 100644
index 000000000..9142a37e3
--- /dev/null
+++ b/changes/bug16106
@@ -0,0 +1,6 @@
+ o Minor bugfixes (linux seccomp2 sandbox):
+ - Cause a wider variety of unpermitted open() calls to fail with the
+ EACCES error when the sandbox is running. This won't enable any
+ previously non-working functionality, but it should turn several cases
+ from crashes into sandbox warnings. Fixes bug 16106; bugfix on
+ 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 37f582048..043b8bf14 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -481,18 +481,14 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
}
}
- rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open),
- SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
- O_RDONLY));
+ rc = seccomp_rule_add_0(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open));
if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp "
"error %d", rc);
return rc;
}
- rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat),
- SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
- O_RDONLY));
+ rc = seccomp_rule_add_0(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat));
if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
"libseccomp error %d", rc);
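Review bot: The two new `seccomp_rule_add_0` calls for `open` and `openat` have no comment saying they are a deliberate catch-all, and that they presumably rely on the path-specific allow rules added earlier in sb_open (outside this hunk) taking precedence. Per the commit message, some disallowed opens used to crash the process, so a denied write or create open is now an ordinary error return rather than fail-stop. I would record both points above each call, for example `/* Catch-all: any open() not explicitly allowed above fails with EACCES rather than hitting the filter's default action. */`. It would also help to note where the denial is surfaced as a sandbox warning, since callers that ignore the return value would otherwise hide it. The body of sb_open starts and ends outside this hunk.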