    Add a sandbox workaround for Glibc 2.33 · f5acfe67
    Nick Mathewson authored
    This change permits the newfstatat() system call, and fixes issues
    40382 (and 40381).
    
    This isn't a free change.  From the commit:
    
        // Libc 2.33 uses this syscall to implement both fstat() and stat().
        //
        // The trouble is that to implement fstat(fd, &st), it calls:
        //     newfstatat(fs, "", &st, AT_EMPTY_PATH)
        // We can't detect this usage in particular, because "" is a pointer
        // we don't control.  And we can't just look for AT_EMPTY_PATH, since
        // AT_EMPTY_PATH only has effect when the path string is empty.
        //
        // So our only solution seems to be allowing all fstatat calls, which
        // means that an attacker can stat() anything on the filesystem. That's
        // not a great solution, but I can't find a better one.
sandbox.c 47 KB