[tor-commits] [tor/master] Merge remote-tracking branches 'public/ticket24315_029' and 'public/bug24198_029' into maint-0.3.2

nickm at torproject.org nickm at torproject.org
Mon Nov 20 18:22:16 UTC 2017


commit 846df5b3cdd94ca57777c3e1cbdd81a25e9b5154
Merge: e0f7a2dbd 80bf27040 7461cd306
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Nov 20 13:20:25 2017 -0500

    Merge remote-tracking branches 'public/ticket24315_029' and 'public/bug24198_029' into maint-0.3.2

 changes/bug24198     |  4 +++
 changes/ticket24315  |  3 ++
 configure.ac         |  2 ++
 src/common/sandbox.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++---
 4 files changed, 90 insertions(+), 5 deletions(-)

diff --cc src/common/sandbox.c
index 7a4e3ece3,d0ead2cae,0b862a549..0fd129d22
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@@@ -394,8 -425,54 -419,8 +400,54 @@@@ sb_mmap2(scmp_filter_ctx ctx, sandbox_c
   
     return 0;
   }
 - #endif
 ++#endif /* defined(__NR_mmap2) */
  +
+ +#ifdef HAVE_GNU_LIBC_VERSION_H
+ +#ifdef HAVE_GNU_GET_LIBC_VERSION
+ +#define CHECK_LIBC_VERSION
+ +#endif
+  #endif
+  
+ +/* Return true if we think we're running with a libc that always uses
+ + * openat on linux. */
+ +static int
+ +libc_uses_openat_for_everything(void)
+ +{
+ +#ifdef CHECK_LIBC_VERSION
+ +  const char *version = gnu_get_libc_version();
+ +  if (version == NULL)
+ +    return 0;
+ +
+ +  int major = -1;
+ +  int minor = -1;
+ +
+ +  tor_sscanf(version, "%d.%d", &major, &minor);
+ +  if (major >= 3)
+ +    return 1;
+ +  else if (major == 2 && minor >= 26)
+ +    return 1;
+ +  else
+ +    return 0;
+ +#else
+ +  return 0;
+ +#endif
+ +}
+ +
+ +/** Allow a single file to be opened.  If <b>use_openat</b> is true,
+ + * we're using a libc that remaps all the opens into openats. */
+ +static int
+ +allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
+ +{
+ +  if (use_openat) {
+ +    return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
+ +                              SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD),
+ +                              SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
+ +  } else {
+ +    return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
+ +                              SCMP_CMP_STR(0, SCMP_CMP_EQ, file));
+ +  }
+ +}
+ +
   /**
    * Function responsible for setting up the open syscall for
    * the seccomp filter sandbox.
@@@@ -1051,8 -1110,8 -1048,21 +1113,21 @@@@ sb_stat64(scmp_filter_ctx ctx, sandbox_
   
     return 0;
   }
  -#endif
 ++#endif /* defined(__NR_stat64) */
 + 
++ static int
++ sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
++ {
++   (void) filter;
++ #ifdef __NR_kill
++   /* Allow killing anything with signal 0 -- it isn't really a kill. */
++   return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill),
++        SCMP_CMP(1, SCMP_CMP_EQ, 0));
++ #else
++   return 0;
+  #endif
++ }
+  
   /**
    * Array of function pointers responsible for filtering different syscalls at
    * a parameter level.
@@@@ -1088,11 -1150,7 -1101,8 +1163,11 @@@@ static sandbox_filter_func_t filter_fun
       sb_socket,
       sb_setsockopt,
       sb_getsockopt,
 -     sb_socketpair
 +     sb_socketpair,
-  
 ++#ifdef HAVE_KIST_SUPPORT
 ++    sb_ioctl,
 ++#endif
++     sb_kill
   };
   
   const char *





More information about the tor-commits mailing list