mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Fix startup crash with seccomp sandbox enabled #40072
Fix crash introduced in #40020. On startup, tor calls check_private_dir on the data and key directories. This function uses open instead of opendir on the received directory. Data and key directories are only opened here, so the seccomp rule added should be for open instead of opendir, despite the fact that they are directories.
parent
d28bfb2cd5
commit
eab8e7af52
@ -1008,8 +1008,10 @@ sandbox_init_filter(void)
|
|||||||
OPEN_DATADIR2(name, name2 suffix); \
|
OPEN_DATADIR2(name, name2 suffix); \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
|
// KeyDirectory is a directory, but it is only opened in check_private_dir
|
||||||
|
// which calls open instead of opendir
|
||||||
#define OPEN_KEY_DIRECTORY() \
|
#define OPEN_KEY_DIRECTORY() \
|
||||||
OPENDIR(options->KeyDirectory)
|
OPEN(options->KeyDirectory)
|
||||||
#define OPEN_CACHEDIR(name) \
|
#define OPEN_CACHEDIR(name) \
|
||||||
sandbox_cfg_allow_open_filename(&cfg, get_cachedir_fname(name))
|
sandbox_cfg_allow_open_filename(&cfg, get_cachedir_fname(name))
|
||||||
#define OPEN_CACHEDIR_SUFFIX(name, suffix) do { \
|
#define OPEN_CACHEDIR_SUFFIX(name, suffix) do { \
|
||||||
@ -1023,7 +1025,9 @@ sandbox_init_filter(void)
|
|||||||
OPEN_KEYDIR(name suffix); \
|
OPEN_KEYDIR(name suffix); \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
OPENDIR(options->DataDirectory);
|
// DataDirectory is a directory, but it is only opened in check_private_dir
|
||||||
|
// which calls open instead of opendir
|
||||||
|
OPEN(options->DataDirectory);
|
||||||
OPEN_KEY_DIRECTORY();
|
OPEN_KEY_DIRECTORY();
|
||||||
|
|
||||||
OPEN_CACHEDIR_SUFFIX("cached-certs", ".tmp");
|
OPEN_CACHEDIR_SUFFIX("cached-certs", ".tmp");
|
||||||
|
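Review bot: The two new comments in sandbox_init_filter rely on an invariant the filter cannot check, namely that nothing calls opendir() on DataDirectory or KeyDirectory once the sandbox is installed. If a later code path lists either directory, the call would presumably be refused by the filter, the same kind of rule mismatch this commit is fixing. I would state that consequence in the comment, e.g. `/* Opened only by check_private_dir(), which uses open(); switch back to OPENDIR if anything starts calling opendir() on this path. */`. I would also write it once next to `OPEN_KEY_DIRECTORY` and refer to it from the `OPEN(options->DataDirectory)` line, so the two copies cannot drift. The body of sandbox_init_filter starts and ends outside both hunks.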
@ -657,15 +657,7 @@ sb_opendir(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
|
|||||||
|
|
||||||
if (param != NULL && param->prot == 1 && param->syscall
|
if (param != NULL && param->prot == 1 && param->syscall
|
||||||
== PHONY_OPENDIR_SYSCALL) {
|
== PHONY_OPENDIR_SYSCALL) {
|
||||||
if (libc_uses_openat_for_opendir()) {
|
rc = allow_file_open(ctx, libc_uses_openat_for_opendir(), param->value);
|
||||||
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
|
|
||||||
SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
|
|
||||||
SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value),
|
|
||||||
SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|O_NONBLOCK|O_LARGEFILE|
|
|
||||||
O_DIRECTORY|O_CLOEXEC));
|
|
||||||
} else {
|
|
||||||
rc = allow_file_open(ctx, 0, param->value);
|
|
||||||
}
|
|
||||||
if (rc != 0) {
|
if (rc != 0) {
|
||||||
log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
|
log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
|
||||||
"libseccomp error %d", rc);
|
"libseccomp error %d", rc);
|
||||||
|
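Review bot: The rewritten call in sb_opendir no longer constrains the flags argument: the removed openat rule matched only `O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC`, while `allow_file_open(ctx, libc_uses_openat_for_opendir(), param->value)` is given no flags at all. allow_file_open is not shown on this page, so this is inferred, but if it matches on the path alone, every path registered for opendir can now be opened with any flags, which is a wider allowance than before. If that is intended, record it next to the call, e.g. `/* Flags are intentionally not matched here; only the path is constrained. */`; otherwise keep the flag comparison for the openat case. The unchanged log text says "failed to add openat syscall" even when the open variant is installed. The function body starts and ends outside the hunk.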