[tor-commits] [tor/maint-0.4.1] Fix sandbox crash during reload of logging configuration

nickm at torproject.org nickm at torproject.org
Mon Jan 6 13:09:30 UTC 2020


commit b9d81282e0dbfdae795b38c26879716d7860bcf9
Author: Peter Gerber <pgerber at tocco.ch>
Date:   Sun Jan 5 15:48:54 2020 +0100

    Fix sandbox crash during reload of logging configuration
    
    Allow calls to dup() which was introduced in commit a22fbab986.
    
    From a security perspective, I don't think this should impact the
    security of the sandbox significantly. As far as I can tell, there
    is nothing an adversary can do with a duplicated FD that can't be
    done with the original.
---
 changes/bug32877          | 4 ++++
 src/lib/sandbox/sandbox.c | 1 +
 2 files changed, 5 insertions(+)

diff --git a/changes/bug32877 b/changes/bug32877
new file mode 100644
index 000000000..96fe1af70
--- /dev/null
+++ b/changes/bug32877
@@ -0,0 +1,4 @@
+o Minor bugfixes (linux seccomp sandbox):
+  - Fix crash when reloading logging configuration while the
+    experimental sandbox is enabled. Fixes bug 29150; bugfix
+    on 0.4.1.7. Patch by Peter Gerber.
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index faaf463f2..7e6354d88 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -143,6 +143,7 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(clock_gettime),
     SCMP_SYS(close),
     SCMP_SYS(clone),
+    SCMP_SYS(dup),
     SCMP_SYS(epoll_create),
     SCMP_SYS(epoll_wait),
 #ifdef __NR_epoll_pwait





More information about the tor-commits mailing list