[tor-bugs] #9249 [Tor]: GSOC seccomp stage 2
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 11 17:59:20 UTC 2013
#9249: GSOC seccomp stage 2
-----------------------------+--------------------------------------------
Reporter: ctoader | Owner: nickm
Type: enhancement | Status: needs_revision
Priority: normal | Milestone:
Component: Tor | Version:
Resolution: | Keywords: tor-relay gsoc seccomp sandbox
Actual Points: | Parent ID: #5756
Points: |
-----------------------------+--------------------------------------------
Comment (by nickm):
Replying to [comment:15 ctoader]:
> Did the latest commit fix this? I also had 2 more commits, some changes
> didn't work on my configuration (linux 32 bit).
Your change in 8e003b1c69152ba6e5c3a09db11472eef5db14da re-broke my 64-bit
linux box with libseccomp version 1.0.1. I get:
{{{
Sep 11 13:38:48.000 [err] add_noparam_filter(): Bug: (Sandbox) failed to
add syscall index 34 (NR=-109), received libseccomp error -33
Sep 11 13:38:48.000 [err] install_syscall_filter(): Bug: (Sandbox) failed
to add param filters!
Sep 11 13:38:48.000 [err] tor_main(): Bug: Failed to create syscall
sandbox filter
}}}
This is for recv, which is apparently implemented via the recvfrom syscall
on 64-bit linux.
Also, your change in 3802cae9597fa417ceec42 breaks compilation on OSX,
where I get:
{{{
src/common/sandbox.h:166: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or
‘__attribute__’ before ‘*’ token
src/common/sandbox.h:174: error: expected ‘)’ before ‘*’ token
src/common/sandbox.h:185: error: expected ‘)’ before ‘*’ token
src/common/sandbox.h:193: error: expected ‘)’ before ‘*’ token
src/common/sandbox.h:204: error: expected ‘)’ before ‘*’ token
src/common/sandbox.h:212: error: expected ‘)’ before ‘*’ token
src/common/sandbox.h:222: error: expected ‘)’ before ‘*’ token
src/common/sandbox.h:230: error: expected ‘)’ before ‘*’ token
src/common/sandbox.h:241: error: expected ‘)’ before ‘*’ token
src/common/sandbox.h:244: error: expected ‘)’ before ‘*’ token
make[1]: *** [src/common/address.o] Error 1
}}}
I tried to fix the second one in my gsoc-cap-stage2 branch, but I don't
know what to do for the first.
> Small note: unfortunately by stepping through libseccomp with the
> debugger, I realised it doesn't support intervals on the same parameter
> because each filter entry applies to only one syscall parameter; so you
> couldn't have entry 1 say 'addr > x' and entry 2 say 'addr < x', unless
> they're done in separate calls; I did manage to make something work
> though.
I think this is almost okay.... It would be cool to test it out, though,
by adding a spurious call to mprotect different points inside the mapping
(including the beginning or end) or remap the mapping right after the
sandbox filters are installed, and to verify that that does the right
thing.
But hm. What happens if somebody tries to mprotect the page immediately
before the mapping, and they give a bunch of pages that includes the
mapping, as in "mprotect(pr_mem_base - 4096, 8192,
PROT_READ|PROT_WRITE)" ?
(What exactly is it that needs to do mprotect(PROT_READ|PROT_WRITE)? I
think it is malloc/arena.c in glibc.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9249#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
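
The overlap case raised in the comment above, as an added example that is not part of the original message or of Tor's sandbox code: a small C model comparing a rule that inspects only the address argument with the range the call actually covers. The rule shape, the function names and the mapping address and size are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed rule shape (hypothetical, not Tor's sandbox code): allow the call
 * when the address argument alone lies outside [base, base + size). */
static bool addr_only_rule_allows(uint64_t addr, uint64_t base, uint64_t size)
{
    return addr < base || addr >= base + size;
}

/* The pages mprotect() really changes are [addr, addr + len). */
static bool range_touches_mapping(uint64_t addr, uint64_t len,
                                  uint64_t base, uint64_t size)
{
    uint64_t end = addr + len;
    if (end < addr)              /* addr + len wrapped: count it as a hit */
        return true;
    return addr < base + size && end > base;
}

/* True when the rule allows a call whose range still reaches the mapping. */
static bool slips_through(uint64_t addr, uint64_t len,
                          uint64_t base, uint64_t size)
{
    return addr_only_rule_allows(addr, base, size) &&
           range_touches_mapping(addr, len, base, size);
}

int main(void)
{
    /* Constructed values: a 4-page protected mapping at a made-up address. */
    const uint64_t pr_mem_base = 0x7f0000100000ULL, pr_mem_size = 4 * 4096;
    const struct { const char *what; uint64_t addr, len; } calls[] = {
        { "page before only",         pr_mem_base - 4096, 4096 },
        { "page before + first page", pr_mem_base - 4096, 8192 },
        { "first page",               pr_mem_base,        4096 },
        { "last page",                pr_mem_base + pr_mem_size - 4096, 4096 },
        { "page after",               pr_mem_base + pr_mem_size, 4096 },
    };
    for (size_t i = 0; i < sizeof calls / sizeof calls[0]; i++)
        printf("%-26s rule=%s slips_through=%s\n", calls[i].what,
               addr_only_rule_allows(calls[i].addr, pr_mem_base, pr_mem_size)
                   ? "allow" : "deny",
               slips_through(calls[i].addr, calls[i].len,
                             pr_mem_base, pr_mem_size) ? "yes" : "no");
    return 0;
}
```

Only the "page before + first page" row reports slips_through=yes, which is the mprotect(pr_mem_base - 4096, 8192, ...) call from the comment.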