[tor-bugs] #23706 [Core Tor/Tor]: Tor's seccomp sandbox does not know about the syscall epoll_pwait
    Tor Bug Tracker & Wiki 
    blackhole at torproject.org
       
    Fri Sep 29 11:02:35 UTC 2017
    
    
  
#23706: Tor's seccomp sandbox does not know about the syscall epoll_pwait
------------------------------+------------------------------------
     Reporter:  cypherpunks   |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:  Tor: 0.3.2.1-alpha
     Severity:  Normal        |   Keywords:  seccomp, sandbox, musl
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+------------------------------------
 I was playing with the seccomp sandbox with tor 3.2.1-alpha.

 The system in question uses Musl as the standard C library. When adding
 "Sandbox 1" to a minimal torrc (attached at the end), this results in an
 error, saying "(Sandbox) Caught a bad syscall attempt (syscall
 epoll_pwait)".

 The operating system is Gentoo, and the kernel version is 4.9.24-grsec. It
 is reproducible on Alpine Linux (which also uses Musl as standard C
 library), but not on Debian, which suggests this is due to Musl exposing
 an extra system call to Tor that the sandbox does not recognize.

 It's also reproducible on tor-0.3.1.7, which suggests this is not a new
 defect for the 3.2.x series.

 The minimal torrc for which this is reproducible is as follows:

     User tor
     Log debug file /var/log/tor/tor.log
     DataDirectory /var/lib/tor/data
     Sandbox 1
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23706>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
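
Added example (not part of the original ticket and not Tor's own code): a Python script that collects the syscall names from sandbox rejection messages of the form quoted in the report, so a libc-specific gap such as `epoll_pwait` shows up when comparing hosts. The sample log lines are constructed, and the `tracked` set is a hypothetical list of syscalls already covered by a ticket.

```python
import re
from collections import Counter

# Message text as quoted in the ticket; anything else on the line is ignored.
BAD_SYSCALL = re.compile(
    r"\(Sandbox\) Caught a bad syscall attempt \(syscall ([A-Za-z0-9_]+)\)"
)

# Constructed sample input, not a real Tor log.
SAMPLE_LOG = """\
[constructed] tor starting with Sandbox 1
(Sandbox) Caught a bad syscall attempt (syscall epoll_pwait)
[constructed] tor restarted by supervisor
(Sandbox) Caught a bad syscall attempt (syscall epoll_pwait)
[constructed] Caught a bad syscall attempt, truncated line
"""


def rejected_syscalls(lines):
    """Count sandbox rejections per syscall name."""
    counts = Counter()
    for line in lines:
        match = BAD_SYSCALL.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def untracked(counts, tracked):
    """Return rejected syscalls that are not in the tracked set, sorted."""
    return sorted(name for name in counts if name not in tracked)


if __name__ == "__main__":
    counts = rejected_syscalls(SAMPLE_LOG.splitlines())
    for name, n in counts.most_common():
        print(f"{name}: {n} rejection(s)")
    # Hypothetical set of syscalls already covered by an open ticket.
    print("untracked:", untracked(counts, tracked=set()))
```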
    
    