[tor-bugs] #29819 [Core Tor/Tor]: Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 9 22:31:29 UTC 2019


#29819: Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4
-----------------------------------+------------------------------------
 Reporter:  toralf                 |          Owner:  nickm
     Type:  defect                 |         Status:  assigned
 Priority:  Medium                 |      Milestone:  Tor: 0.4.0.x-final
Component:  Core Tor/Tor           |        Version:  Tor: unspecified
 Severity:  Normal                 |     Resolution:
 Keywords:  crash, linux, sandbox  |  Actual Points:
Parent ID:                         |         Points:  0.2
 Reviewer:                         |        Sponsor:
-----------------------------------+------------------------------------

Comment (by pege):

 Short update. The issue initially reported
 [https://github.com/seccomp/libseccomp/issues/148#issuecomment-480297770
 is on its way to being resolved]. BPF is now generated correctly for the
 `sigaction()` call mentioned in an earlier comment.

 This fix, however, is not enough to get Tor working with libseccomp
 v2.4.0. This version contains some major corrections when it comes to BPF
 generation. In particular, earlier versions could generate BPF code that
 did not enforce all rules correctly. It would appear that BPF code was
 indeed generated incorrectly in the case of Tor, which led to some bugs in
 Tor's sandbox implementation going unnoticed. In particular, file names
 passed to `open()`, `openat()` and `rename()` appear to be affected.

 [https://github.com/seccomp/libseccomp/issues/148#issuecomment-480386644
 See my comment on libseccomp's bug tracker]. The response from the libseccomp
 maintainers is
 [https://github.com/seccomp/libseccomp/issues/148#issuecomment-481309991 a
 bit further down].

 I'll look at Tor's sandbox a bit closer on the weekend in the hope of coming
 up with a way to deal with the issue. I guess we'll need some way of
 making sure paths are stored at fixed memory locations by either computing
 all the paths during compilation or during startup and then revoking write
 permission somehow for the region of memory that contains them.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29819#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
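
Added example, not part of the original message and not Tor's or libseccomp's code: a seccomp filter sees only the pointer value of a path argument, never the string behind it, so the C code below copies the allowed paths into one page-aligned mapping and revokes write access with mprotect(), as the comment above suggests. The helper names are hypothetical, and the sample paths used to exercise it are constructed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: one page-aligned mapping that holds every allowed path. */
struct path_table { char *base; size_t len, used; };

/* Reserve a private anonymous mapping of at least min_bytes, writable for now. */
int path_table_init(struct path_table *t, size_t min_bytes) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    t->len = ((min_bytes + page - 1) / page) * page;
    t->used = 0;
    t->base = mmap(NULL, t->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return t->base == MAP_FAILED ? -1 : 0;
}

/* Copy a path in; the returned address is the value a pointer-equality
 * filter rule would be keyed on, so it must never move or change. */
const char *path_table_add(struct path_table *t, const char *path) {
    size_t n = strlen(path) + 1;
    if (n > t->len - t->used) return NULL;
    char *dst = t->base + t->used;
    memcpy(dst, path, n);
    t->used += n;
    return dst;
}

/* Revoke write permission on the whole mapping before loading the filter. */
int path_table_seal(struct path_table *t) {
    return mprotect(t->base, t->len, PROT_READ);
}

/* Ask the kernel to store one byte at p via read(2): a read-only page yields
 * EFAULT instead of a crash. Returns 1 if protected, 0 if writable, -1 on error. */
int is_write_protected(const void *p) {
    int fds[2], prot = -1;
    char c = 'x';
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], &c, 1) == 1) {
        ssize_t r = read(fds[0], (void *)p, 1);
        prot = (r == -1 && errno == EFAULT) ? 1 : (r == 1 ? 0 : -1);
    }
    close(fds[0]);
    close(fds[1]);
    return prot;
}
```

The seal holds only as long as the process cannot call mprotect() on that range again with PROT_WRITE, so the filter loaded afterwards has to deny that as well. All paths must be added before sealing, because a later path_table_add() would fault on the read-only pages.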

