Skip to content

[Tor Gitlab #40020 - maint-0.3.5]: Fix seccomp sandbox rules for opening directories#2013

Open
Jigsaw52 wants to merge 3 commits intotorproject:maint-0.3.5from
Jigsaw52:fix-40020_035
Open

[Tor Gitlab #40020 - maint-0.3.5]: Fix seccomp sandbox rules for opening directories#2013
Jigsaw52 wants to merge 3 commits intotorproject:maint-0.3.5from
Jigsaw52:fix-40020_035

Conversation

@Jigsaw52
Copy link
Contributor

@Jigsaw52 Jigsaw52 commented Jul 20, 2020

Different versions of glibc use either open or openat for the
opendir function. This commit adds logic to use the correct rule
for each glibc version, namely:

  • Until 2.14 open is used
  • From 2.15 to to 2.21 openat is used
  • From 2.22 to 2.26 open is used
  • From 2.27 onwards openat is used

Jigsaw52 added 2 commits July 20, 2020 22:30
@Jigsaw52
Fix seccomp sandbox rules for openat #27315
c79b439 
The need for casting negative syscall arguments depends on the
glibc version. This affects the rules for the openat syscall which
uses the constant AT_FDCWD that is defined as a negative number.
This commit adds logic to only apply the cast when necessary, on
glibc versions from 2.27 onwards.
@Jigsaw52
Fix seccomp sandbox rules for opening directories #40020
d28bfb2 
Different versions of glibc use either open or openat for the
opendir function. This commit adds logic to use the correct rule
for each glibc version, namely:
- Until 2.14 open is used
- From 2.15 to to 2.21 openat is used
- From 2.22 to 2.26 open is used
- From 2.27 onwards openat is used
@coveralls
Copy link

coveralls commented Jul 20, 2020
edited
Loading

Pull Request Test Coverage Report for Build 9701

  • 0 of 30 (0.0%) changed or added relevant lines in 2 files are covered.
  • 15 unchanged lines in 3 files lost coverage.
  • Overall coverage decreased (-0.009%) to 59.232%
Changes Missing Coverage Covered Lines Changed/Added Lines %
src/app/main/main.c 0 1 0.0%
src/lib/sandbox/sandbox.c 0 29 0.0%
Files with Coverage Reduction New Missed Lines %
src/feature/dirauth/shared_random.c 1 85.82%
src/lib/arch/bytes.h 2 94.59%
src/ext/tinytest.c 12 40.59%
Totals Coverage Status
Change from base Build 9482: -0.009%
Covered Lines: 43336
Relevant Lines: 73163
💛 - Coveralls

@Jigsaw52
Fix startup crash with seccomp sandbox enabled #40072
eab8e7a 
Fix crash introduced in #40020. On startup, tor calls
check_private_dir on the data and key directories. This function
uses open instead of opendir on the received directory. Data and
key directoryes are only opened here, so the seccomp rule added
should be for open instead of opendir, despite the fact that they
are directories.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Jigsaw52 @coveralls