Trac · Issues · #20844

Closed
Created Nov 30, 2016 by Roger Dingledine@arma

Inform me about sandbox violations

The bubblewrap seccomp sandbox prevents my sandboxed tor browser from doing certain system calls. That's great! But, what do I see when it attempts a forbidden system call?

Yawning tells me the answer right now is that it silently doesn't do the forbidden action. That's not terrible, but if I want to debug our sandbox rules, or learn whether I'm being attacked by the website payload, it's not ideal.

Apparently another option is that the kernel could send the process a SIGSYS signal. So in that case my browser would die with a sigsys signal, and I could conclude that apparently a sandbox violation occurred.

But Yawning says that the sandbox rules aren't perfect, and in particular there are some edge cases involving "weird issues with x86 32 bit systems forgetting whitelisted syscalls". So killing by default will end up with some sad users.

Apparently a third option would be to teach Firefox to hook the sigsys signal, and then it could log something about what it was doing at the time it got the signal. That involves some programming -- and I wonder if the timing is fine-grained enough that Firefox at the time of the sigsys signal can identify exactly which syscall it is doing?
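The three behaviours the ticket lists, as an added example that is not part of the ticket, of bubblewrap or of the sandboxed-tor-browser code: a minimal seccomp-bpf filter installed in a forked child, once with SECCOMP_RET_ERRNO (the call silently fails), once with SECCOMP_RET_KILL (the child dies with SIGSYS) and once with SECCOMP_RET_TRAP plus a SIGSYS handler. The handler path also shows what the kernel hands a handler: a seccomp-generated SIGSYS arrives with si_code == SYS_SECCOMP and si_syscall set to the number of the refused call, so no timing guesswork is needed to identify the syscall. Using getpid as the forbidden call, the pipe-based reporting, and the names try_action, outcome_errno, outcome_killed and outcome_trap_nr are this example's own choices.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef SYS_SECCOMP
#define SYS_SECCOMP 1                  /* si_code the kernel uses for a seccomp SIGSYS */
#endif
#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

struct outcome {            /* what the parent learns about one forbidden call */
    int killed_by_sigsys;   /* child died with SIGSYS (SECCOMP_RET_KILL) */
    int call_errno;         /* errno the call returned; 0 if nothing was reported */
    int logged_syscall;     /* si_syscall seen by the SIGSYS handler; -1 if none */
};
struct report { int tag; int value; };   /* 'S': handler saw syscall nr, 'E': caller saw errno */
static int report_fd = -1;               /* pipe write end; valid in the child only (example-only) */

/* SIGSYS handler.  For a seccomp trap the kernel sets si_code == SYS_SECCOMP and
 * si_syscall to the refused syscall number.  write(2) is async-signal-safe; printf is not. */
static void on_sigsys(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    struct report r = { 'S', si->si_code == SYS_SECCOMP ? si->si_syscall : -1 };
    if (write(report_fd, &r, sizeof r) < 0) _exit(3);
}

/* Filter: apply `action` to syscall `nr`, allow everything else.  The arch check
 * matters because a 32-bit caller on an x86-64 kernel uses different syscall numbers. */
static int install_filter(int nr, unsigned int action)
{
    struct sock_filter code[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned int)nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, action),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof code / sizeof code[0], .filter = code };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;  /* needed without CAP_SYS_ADMIN */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork, sandbox the child, have it issue getpid (the forbidden call, chosen for this
 * example) and collect the result.  Returns 0, or -1 if the filter could not be installed. */
int try_action(unsigned int action, struct outcome *out)
{
    int fd[2], status; struct report r;
    *out = (struct outcome){ 0, 0, -1 };
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct rlimit nocore = { 0, 0 };
        struct sigaction sa = { .sa_sigaction = on_sigsys, .sa_flags = SA_SIGINFO };
        setrlimit(RLIMIT_CORE, &nocore);          /* a SIGSYS death would otherwise dump core */
        close(fd[0]);
        report_fd = fd[1];
        sigaction(SIGSYS, &sa, NULL);
        if (install_filter(SYS_getpid, action) != 0) _exit(2);
        r.tag = 'E';                              /* under TRAP the kernel makes the call return -ENOSYS */
        r.value = syscall(SYS_getpid) == -1 ? errno : 0;
        if (write(fd[1], &r, sizeof r) < 0) _exit(3);
        _exit(0);
    }
    close(fd[1]);
    while (read(fd[0], &r, sizeof r) == (ssize_t)sizeof r)
        *(r.tag == 'S' ? &out->logged_syscall : &out->call_errno) = r.value;
    close(fd[0]);
    waitpid(pid, &status, 0);
    out->killed_by_sigsys = WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 2) ? -1 : 0;
}

/* One checkable number per option discussed in the ticket. */
int outcome_errno(void)   { struct outcome o; return try_action(SECCOMP_RET_ERRNO | EPERM, &o) ? -1 : o.call_errno; }
int outcome_killed(void)  { struct outcome o; return try_action(SECCOMP_RET_KILL, &o) ? -1 : o.killed_by_sigsys; }
int outcome_trap_nr(void) { struct outcome o; return try_action(SECCOMP_RET_TRAP, &o) ? -1 : o.logged_syscall; }

int main(void)
{
    printf("errno=%d killed=%d logged=%d (EPERM=%d SYS_getpid=%d)\n",
           outcome_errno(), outcome_killed(), outcome_trap_nr(), EPERM, (int)SYS_getpid);
    return 0;
}
```

Each run forks so the filter never touches the parent; a real browser sandbox installs it in the process itself, where a SIGSYS handler must stay async-signal-safe (write to a log fd, no malloc or printf). The arch check at the top of the filter is the point where a 32-bit caller on a 64-bit kernel is handled separately, which is where per-architecture whitelist mistakes of the kind the ticket mentions tend to surface.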
