mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-25 07:07:52 +01:00
Code Issues Projects Releases Wiki Activity

Revert "Change the sandbox behavior on all failed opens() to EACCES"

Browse source 
This reverts commit 9a06282546.

It appears that I misunderstood how the seccomp2 filter rules
interact.  It appears that `SCMP_ACT_ERRNO()` always takes
precedence over `SCMP_ACT_ALLOW()` -- I had thought instead that
earlier rules would override later ones.  But this change caused bug
25115 (not in any released Tor).
This commit is contained in:
Nick Mathewson 2018-02-01 08:39:38 -05:00
parent 88b146cda5
commit ea8e9f17f5
2 changed files with 6 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
changes/bug16106
View file

@ -1,6 +0,0 @@
o Minor bugfixes (linux seccomp2 sandbox):
- Cause a wider variety of unpermitted open() calls to fail with the
EACCES error when the sandbox is running. This won't enable any
previously non-working functionality, but it should turn several cases
from crashes into sandbox warnings. Fixes bug 16106; bugfix on
0.2.5.1-alpha.

8
src/common/sandbox.c
View file

@ -481,14 +481,18 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
}
}
rc = seccomp_rule_add_0(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open));
rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open),
SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
O_RDONLY));
if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp "
"error %d", rc);
return rc;
}
rc = seccomp_rule_add_0(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat));
rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat),
SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
O_RDONLY));
if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
"libseccomp error %d", rc);