Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Opened by Trac@tracbot

Add the wait4() syscall to the seccomp sandbox

Tor version 0.2.5.10 seems to call wait4() upon receiving SIGHUP, and this violates the seccomp sandbox rules in sandbox.c, crashing the tor process.

Trace from tor's log on debug loglevel, right after /etc/init.d/tor reload:

============================================================ T= 1425215692
(Sandbox) Caught a bad syscall attempt (syscall wait4)
/usr/bin/tor(+0x12f4f1)[0x4273cf44f1]
/lib64/libc.so.6(waitpid+0x1a)[0x3423957b1da]
/lib64/libc.so.6(waitpid+0x1a)[0x3423957b1da]
/usr/bin/tor(notify_pending_waitpid_callbacks+0x4a)[0x4273cf42da]
/usr/bin/tor(process_signal+0x4ad)[0x4273bfb96d]
/usr/lib64/libevent-2.0.so.5(event_base_loop+0x99e)[0x3423a111a6e]
/usr/bin/tor(do_main_loop+0x1ad)[0x4273bfa77d]
/usr/bin/tor(tor_main+0x1875)[0x4273bfd755]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x342394e2d55]
/usr/bin/tor(+0x31c49)[0x4273bf6c49]
Mar 01 16:14:52.000 [info] cpuworker_main(): read request failed. Exiting.

The patch is as simple as adding wait4() to the whitelist:

diff -Naur tor-0.2.5.10/src/common/sandbox.c tor-0.2.5.10.new/src/common/sandbox.c
--- tor-0.2.5.10/src/common/sandbox.c
+++ tor-0.2.5.10.new/src/common/sandbox.c
@@ -119,6 +119,7 @@
     SCMP_SYS(epoll_wait),
     SCMP_SYS(fcntl),
     SCMP_SYS(fstat),
+    SCMP_SYS(wait4),
 #ifdef __NR_fstat64
     SCMP_SYS(fstat64),
 #endif

Trac:
Username: sanic

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information