Merge branch 'maint-0.3.2' into maint-0.3.3

Nick Mathewson 2018-08-08 09:26:23 -04:00
commit 00536254b7
2 changed files with 6 additions and 1 deletions

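--- /dev/null
+++ b/changes/bug25440
@@ -0,0 +1,5 @@
+o Minor bugfixes (linux seccomp2 sandbox):
+- Fix a bug in out sandboxing rules for the openat() syscall.
+Previously, no openat() call would be permitted, which would break
+filesystem operations on recent glibc versions. Fixes bug 25440;
+bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.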


@ -450,7 +450,7 @@ allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
{ {
if (use_openat) { if (use_openat) {
return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD), SCMP_CMP(0, SCMP_CMP_EQ, (unsigned int)AT_FDCWD),
SCMP_CMP_STR(1, SCMP_CMP_EQ, file)); SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
} else { } else {
return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
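Review bot: The `(unsigned int)AT_FDCWD` datum in the openat rule is zero-extended to libseccomp's 64-bit datum type, so on 64-bit targets the equality check also constrains the upper half of the argument register. Whether the rule matches then depends on how the calling libc loads the negative dirfd; if a caller sign-extends it, the allow rule would presumably never fire and openat() would stay blocked, which is the same symptom this change fixes. Consider comparing only the low 32 bits, for example `SCMP_CMP(0, SCMP_CMP_MASKED_EQ, 0xffffffff, (unsigned int)AT_FDCWD),`, and add a one-line comment on why the cast is there, such as `/* AT_FDCWD is negative; compare it as a 32-bit value */`. The body of allow_file_open continues past the end of this hunk, so the `open` branch is not reviewed here.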