Fix startup crash with seccomp sandbox enabled #40072

Fix crash introduced in #40020. On startup, tor calls
check_private_dir on the data and key directories. This function
uses open instead of opendir on the received directory. Data and
key directoryes are only opened here, so the seccomp rule added
should be for open instead of opendir, despite the fact that they
are directories.
This commit is contained in:
Daniel Pinto 2020-07-29 00:34:08 +01:00
parent d28bfb2cd5
commit eab8e7af52
2 changed files with 7 additions and 11 deletions

View File

@ -1008,8 +1008,10 @@ sandbox_init_filter(void)
OPEN_DATADIR2(name, name2 suffix); \ OPEN_DATADIR2(name, name2 suffix); \
} while (0) } while (0)
// KeyDirectory is a directory, but it is only opened in check_private_dir
// which calls open instead of opendir
#define OPEN_KEY_DIRECTORY() \ #define OPEN_KEY_DIRECTORY() \
OPENDIR(options->KeyDirectory) OPEN(options->KeyDirectory)
#define OPEN_CACHEDIR(name) \ #define OPEN_CACHEDIR(name) \
sandbox_cfg_allow_open_filename(&cfg, get_cachedir_fname(name)) sandbox_cfg_allow_open_filename(&cfg, get_cachedir_fname(name))
#define OPEN_CACHEDIR_SUFFIX(name, suffix) do { \ #define OPEN_CACHEDIR_SUFFIX(name, suffix) do { \
@ -1023,7 +1025,9 @@ sandbox_init_filter(void)
OPEN_KEYDIR(name suffix); \ OPEN_KEYDIR(name suffix); \
} while (0) } while (0)
OPENDIR(options->DataDirectory); // DataDirectory is a directory, but it is only opened in check_private_dir
// which calls open instead of opendir
OPEN(options->DataDirectory);
OPEN_KEY_DIRECTORY(); OPEN_KEY_DIRECTORY();
OPEN_CACHEDIR_SUFFIX("cached-certs", ".tmp"); OPEN_CACHEDIR_SUFFIX("cached-certs", ".tmp");

View File

@ -657,15 +657,7 @@ sb_opendir(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
if (param != NULL && param->prot == 1 && param->syscall if (param != NULL && param->prot == 1 && param->syscall
== PHONY_OPENDIR_SYSCALL) { == PHONY_OPENDIR_SYSCALL) {
if (libc_uses_openat_for_opendir()) { rc = allow_file_open(ctx, libc_uses_openat_for_opendir(), param->value);
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value),
SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|O_NONBLOCK|O_LARGEFILE|
O_DIRECTORY|O_CLOEXEC));
} else {
rc = allow_file_open(ctx, 0, param->value);
}
if (rc != 0) { if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received " log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
"libseccomp error %d", rc); "libseccomp error %d", rc);