Revert "Change the sandbox behavior on all failed opens() to EACCES"
authorNick Mathewson <nickm@torproject.org>
Thu, 1 Feb 2018 13:39:38 +0000 (08:39 -0500)
committerNick Mathewson <nickm@torproject.org>
Thu, 1 Feb 2018 13:39:38 +0000 (08:39 -0500)
This reverts commit 9a06282546418b2e9d21559d4853bcf124b953f4.

It appears that I misunderstood how the seccomp2 filter rules
interact.  It appears that `SCMP_ACT_ERRNO()` always takes
precedence over `SCMP_ACT_ALLOW()` -- I had thought instead that
earlier rules would override later ones.  But this change caused bug
25115 (not in any released Tor).

changes/bug16106 [deleted file]
src/common/sandbox.c

diff --git a/changes/bug16106 b/changes/bug16106
deleted file mode 100644 (file)
index 9142a37..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor bugfixes (linux seccomp2 sandbox):
-    - Cause a wider variety of unpermitted open() calls to fail with the
-      EACCES error when the sandbox is running. This won't enable any
-      previously non-working functionality, but it should turn several cases
-      from crashes into sandbox warnings. Fixes bug 16106; bugfix on
-      0.2.5.1-alpha.
index 043b8bf14ff49046096e90ef04c437d10c411825..37f582048cf4badd7de01082cf8398f826d5194b 100644 (file)
@@ -481,14 +481,18 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
     }
   }
 
-  rc = seccomp_rule_add_0(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open));
+  rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open),
+                SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
+                                O_RDONLY));
   if (rc != 0) {
     log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp "
         "error %d", rc);
     return rc;
   }
 
-  rc = seccomp_rule_add_0(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat));
+  rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat),
+                SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
+                                O_RDONLY));
   if (rc != 0) {
     log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
             "libseccomp error %d", rc);
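Review bot: The restored `SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, O_RDONLY)` rule for `open`, and the matching rule on argument 2 for `openat`, carry no comment saying what they match, and the `O_RDONLY` datum reads like an access-mode test, which it is not. The mask leaves out the access-mode bits and `O_RDONLY` is 0, so the rule returns EACCES only when none of the four listed flags is set. Any other open not covered by an allow rule presumably falls through to the filter's default action, which is set outside this hunk. Because the reverted commit went wrong on exactly this rule-interaction question, I would add above each rule something like `/* EACCES only when none of these flags is set; a blanket ERRNO rule took precedence over the ALLOW rules (bug 25115). */`. sb_open begins and ends outside the hunk.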