Unverified Commit 41d52e9c authored by teor's avatar teor
Browse files

Merge remote-tracking branch 'tor-github/pr/1614' into maint-0.3.5

parents 19954cff 0d64bafc
o Minor bugfixes (linux seccomp sandbox):
- Correct how we use libseccomp. Particularly, stop assuming that
rules are applied in a particular order or that more rules are
processed after the first match. Neither is the case! In libseccomp
<2.4.0 this lead to some rules having no effect. Libseccomp 2.4.0
changed how rules are generated leading to a different ordering
which in turn lead to a fatal crash during startup. Fixes bug
29819; bugfix on 0.2.5.1-alpha. Patch by Peter Gerber.
......@@ -491,24 +491,6 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
}
}
rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open),
SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
O_RDONLY));
if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp "
"error %d", rc);
return rc;
}
rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat),
SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
O_RDONLY));
if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
"libseccomp error %d", rc);
return rc;
}
return 0;
}
......@@ -562,23 +544,6 @@ sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
return 0;
}
static int
sb__sysctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc;
(void) filter;
(void) ctx;
rc = seccomp_rule_add_0(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(_sysctl));
if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add _sysctl syscall, "
"received libseccomp error %d", rc);
return rc;
}
return 0;
}
/**
* Function responsible for setting up the rename syscall for
* the seccomp filter sandbox.
......@@ -1141,7 +1106,6 @@ static sandbox_filter_func_t filter_func[] = {
sb_chmod,
sb_open,
sb_openat,
sb__sysctl,
sb_rename,
#ifdef __NR_fcntl64
sb_fcntl64,
......@@ -1518,14 +1482,14 @@ install_syscall_filter(sandbox_cfg_t* cfg)
int rc = 0;
scmp_filter_ctx ctx;
ctx = seccomp_init(SCMP_ACT_TRAP);
ctx = seccomp_init(SCMP_ACT_ERRNO(EPERM));
if (ctx == NULL) {
log_err(LD_BUG,"(Sandbox) failed to initialise libseccomp context");
rc = -1;
goto end;
}
// protectign sandbox parameter strings
// protecting sandbox parameter strings
if ((rc = prot_strings(ctx, cfg))) {
goto end;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment