nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 21:23:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'maint-0.3.4'

Browse Source
This commit is contained in:
Nick Mathewson 2018-08-08 09:26:23 -04:00
commit 7787150521
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changes/bug25440 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes (linux seccomp2 sandbox):
- Fix a bug in out sandboxing rules for the openat() syscall.
Previously, no openat() call would be permitted, which would break
filesystem operations on recent glibc versions. Fixes bug 25440;
bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.

2
src/lib/sandbox/sandbox.c
View File

@ -455,7 +455,7 @@ allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
{
if (use_openat) {
return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD),
SCMP_CMP(0, SCMP_CMP_EQ, (unsigned int)AT_FDCWD),
SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
} else {
return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),