Commit eab8e7af authored by Jigsaw52's avatar Jigsaw52

Fix startup crash with seccomp sandbox enabled #40072

Fix crash introduced in #40020. On startup, tor calls
check_private_dir on the data and key directories. This function
uses open instead of opendir on the received directory. Data and
key directories are only opened here, so the seccomp rule added
should be for open instead of opendir, despite the fact that they
are directories.
parent d28bfb2c
...@@ -1008,8 +1008,10 @@ sandbox_init_filter(void) ...@@ -1008,8 +1008,10 @@ sandbox_init_filter(void)
OPEN_DATADIR2(name, name2 suffix); \ OPEN_DATADIR2(name, name2 suffix); \
} while (0) } while (0)
// KeyDirectory is a directory, but it is only opened in check_private_dir
// which calls open instead of opendir
#define OPEN_KEY_DIRECTORY() \ #define OPEN_KEY_DIRECTORY() \
OPENDIR(options->KeyDirectory) OPEN(options->KeyDirectory)
#define OPEN_CACHEDIR(name) \ #define OPEN_CACHEDIR(name) \
sandbox_cfg_allow_open_filename(&cfg, get_cachedir_fname(name)) sandbox_cfg_allow_open_filename(&cfg, get_cachedir_fname(name))
#define OPEN_CACHEDIR_SUFFIX(name, suffix) do { \ #define OPEN_CACHEDIR_SUFFIX(name, suffix) do { \
...@@ -1023,7 +1025,9 @@ sandbox_init_filter(void) ...@@ -1023,7 +1025,9 @@ sandbox_init_filter(void)
OPEN_KEYDIR(name suffix); \ OPEN_KEYDIR(name suffix); \
} while (0) } while (0)
OPENDIR(options->DataDirectory); // DataDirectory is a directory, but it is only opened in check_private_dir
// which calls open instead of opendir
OPEN(options->DataDirectory);
OPEN_KEY_DIRECTORY(); OPEN_KEY_DIRECTORY();
OPEN_CACHEDIR_SUFFIX("cached-certs", ".tmp"); OPEN_CACHEDIR_SUFFIX("cached-certs", ".tmp");
......
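Review bot: The two new comments in sandbox_init_filter record an invariant that nothing in the code enforces: DataDirectory and KeyDirectory get an open rule only because check_private_dir is currently their sole opener. Going by the commit description, a mismatch between the rule that was added and the call tor actually makes is what crashed startup, so a later caller that uses opendir on either path would bring the crash back. I would extend the comment with the maintenance rule, for example `// If anything starts calling opendir() on this path, add OPENDIR() for it as well.`, and keep the explanation in one place instead of repeating it above both the macro and the DataDirectory line. sandbox_init_filter starts and ends outside both hunks.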
...@@ -657,15 +657,7 @@ sb_opendir(scmp_filter_ctx ctx, sandbox_cfg_t *filter) ...@@ -657,15 +657,7 @@ sb_opendir(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
if (param != NULL && param->prot == 1 && param->syscall if (param != NULL && param->prot == 1 && param->syscall
== PHONY_OPENDIR_SYSCALL) { == PHONY_OPENDIR_SYSCALL) {
if (libc_uses_openat_for_opendir()) { rc = allow_file_open(ctx, libc_uses_openat_for_opendir(), param->value);
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value),
SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|O_NONBLOCK|O_LARGEFILE|
O_DIRECTORY|O_CLOEXEC));
} else {
rc = allow_file_open(ctx, 0, param->value);
}
if (rc != 0) { if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received " log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
"libseccomp error %d", rc); "libseccomp error %d", rc);
......
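Review bot: The new call `allow_file_open(ctx, libc_uses_openat_for_opendir(), param->value)` in sb_opendir does not itself constrain the open flags, whereas the rule it replaces held argument 2 to exactly `O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC`. The body of allow_file_open is not visible in this hunk; if it matches on the path alone, every path registered for opendir becomes openable with whatever flags the rest of the filter lets through, which widens the sandbox beyond what the crash fix needs. Please confirm where the flags are still restricted and record it at the call, e.g. `/* Flags are not matched here; see allow_file_open(). */`, and mention this change in the commit description, which currently covers only the data and key directory rules. sb_opendir starts and ends outside the hunk.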