Trac issues: https://gitlab.torproject.org/legacy/trac/-/issues

Add the wait4() syscall to the seccomp sandbox

https://gitlab.torproject.org/legacy/trac/-/issues/15088

2020-06-13T14:43:55Z

Tor version 0.2.5.10 seems to call wait4() upon receiving SIGHUP, and this violates the seccomp sandbox rules in sandbox.c, crashing the tor process.
Trace from tor's log on debug loglevel, right after `/etc/init.d/tor reload`:
```
============================================================ T= 1425215692
(Sandbox) Caught a bad syscall attempt (syscall wait4)
/usr/bin/tor(+0x12f4f1)[0x4273cf44f1]
/lib64/libc.so.6(waitpid+0x1a)[0x3423957b1da]
/lib64/libc.so.6(waitpid+0x1a)[0x3423957b1da]
/usr/bin/tor(notify_pending_waitpid_callbacks+0x4a)[0x4273cf42da]
/usr/bin/tor(process_signal+0x4ad)[0x4273bfb96d]
/usr/lib64/libevent-2.0.so.5(event_base_loop+0x99e)[0x3423a111a6e]
/usr/bin/tor(do_main_loop+0x1ad)[0x4273bfa77d]
/usr/bin/tor(tor_main+0x1875)[0x4273bfd755]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x342394e2d55]
/usr/bin/tor(+0x31c49)[0x4273bf6c49]
Mar 01 16:14:52.000 [info] cpuworker_main(): read request failed. Exiting.
```
The patch is as simple as adding wait4() to the whitelist:
```
diff -Naur tor-0.2.5.10/src/common/sandbox.c tor-0.2.5.10.new/src/common/sandbox.c
--- tor-0.2.5.10/src/common/sandbox.c
+++ tor-0.2.5.10.new/src/common/sandbox.c
@@ -119,6 +119,7 @@
SCMP_SYS(epoll_wait),
SCMP_SYS(fcntl),
SCMP_SYS(fstat),
+ SCMP_SYS(wait4),
#ifdef __NR_fstat64
SCMP_SYS(fstat64),
#endif
```
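Review bot: The new `SCMP_SYS(wait4),` line sits between `SCMP_SYS(fstat),` and the `#ifdef __NR_fstat64` block, which separates fstat from its fstat64 variant in a list whose visible entries (epoll_wait, fcntl, fstat) look alphabetically ordered; move it to where it sorts in the array. The entry permits wait4 with any arguments, so add a short comment recording why it is needed (the trace shows it reached through waitpid() from notify_pending_waitpid_callbacks() during signal handling) so that later audits of the allowlist can tell the entry is intentional.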
**Trac**:
**Username**: sanic

Tor: 0.2.5.x-final
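
A triage helper for the trace format shown in the report above, added here as an example (it is not part of the original report or of Tor's code): it extracts the blocked syscall and the first Tor function on the stack, which is what a reviewer needs to judge whether an allowlist entry is justified. The function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: the trace format from the report above, trimmed.
SAMPLE_LOG = """\
============================================================ T= 1425215692
(Sandbox) Caught a bad syscall attempt (syscall wait4)
/usr/bin/tor(+0x12f4f1)[0x4273cf44f1]
/lib64/libc.so.6(waitpid+0x1a)[0x3423957b1da]
/usr/bin/tor(notify_pending_waitpid_callbacks+0x4a)[0x4273cf42da]
/usr/bin/tor(process_signal+0x4ad)[0x4273bfb96d]
Mar 01 16:14:52.000 [info] cpuworker_main(): read request failed. Exiting.
"""

HEADER = re.compile(r"^=+ T= (\d+)$")
VIOLATION = re.compile(r"^\(Sandbox\) Caught a bad syscall attempt \(syscall (\w+)\)$")
# Frame layout module(symbol+0xoff)[0xaddr]; the symbol may be empty.
FRAME = re.compile(r"^(\S+)\((\w*)\+0x[0-9a-f]+\)\[0x[0-9a-f]+\]$")


def parse_violations(text):
    """Return one dict per sandbox violation: time, syscall, symbolised frames."""
    events, current, last_time = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            last_time, current = int(m.group(1)), None
        elif m := VIOLATION.match(line):
            current = {"time": last_time, "syscall": m.group(1), "frames": []}
            events.append(current)
        elif current is not None and (m := FRAME.match(line)):
            if m.group(2):  # skip frames with no symbol, e.g. tor(+0x12f4f1)
                current["frames"].append((m.group(1), m.group(2)))
        else:
            current = None  # any other line ends the backtrace
    return events


def first_caller_in(event, module_suffix="/tor"):
    """First symbolised frame from the given binary: the code path to review."""
    for module, symbol in event["frames"]:
        if module.endswith(module_suffix):
            return symbol
    return None


if __name__ == "__main__":
    for ev in parse_violations(SAMPLE_LOG):
        print(ev["time"], ev["syscall"], first_caller_in(ev))
```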