Commit Graph

38054 Commits

Author SHA1 Message Date
Simon South
0d87dc1ee7 sandbox: Allow use with fragile hardening on AArch64 and elsewhere
Update the sandbox implementation to allow its use with fragile hardening
enabled on AArch64 (ARM64) and other architectures that use Linux's generic
syscall interface.  Note that in this configuration the sandbox is completely
unable to filter requests to open files and directories.

Update the sandbox unit tests to match.
2022-06-13 09:09:54 -04:00
Simon South
6a004380c9 sandbox: Filter "fchownat" on systems using generic syscalls
On architectures that use Linux's generic syscall interface the legacy "chown"
call is not available; on these systems glibc uses "fchownat" instead.  Modify
the sandbox implementation to match.
2022-06-13 09:09:54 -04:00
Simon South
da6b55b6f4 sandbox: Filter "fchmodat" on systems using generic syscalls
On architectures that use Linux's generic syscall interface the legacy "chmod"
call is not available; on these systems glibc uses "fchmodat" instead.  Modify
the sandbox implementation to match.
2022-06-13 09:09:54 -04:00
Simon South
cac7bec130 sandbox: Filter "newfstatat" on systems using generic syscalls
On architectures that use Linux's generic syscall interface the legacy "stat"
and "stat64" calls may not be available; on these systems glibc uses
"newfstatat" instead.  Modify the sandbox implementation to match.

Note that on these architectures as on others glibc 2.33 uses "newfstatat" in a
way the sandbox cannot filter, so preserve in add_noparam_filter() the code
that allows the use of this syscall without restriction when glibc version 2.33
is in use.
2022-06-13 09:09:54 -04:00
Simon South
d0297d878d sandbox: Filter "renameat", "renameat2" where "rename" unavailable
On architectures where Linux does not provide the legacy "rename" syscall it
offers one or both of "renameat" and "renameat2" instead.  Follow glibc's logic
in selecting which syscall to filter.
2022-06-13 09:09:54 -04:00
Simon South
1a40f64be1 sandbox: Assume "openat" syscall is used where "open" is unavailable
On architectures where Linux does not provide the legacy "open" syscall glibc
necessarily uses "openat" instead.  Omit the unnecessary glibc-version check on
these systems.
2022-06-13 09:09:54 -04:00
David Goulet
b733f9d6ac Merge branch 'maint-0.4.7' 2022-06-02 16:11:04 -04:00
David Goulet
dc7902ed55 Merge branch 'tor-gitlab/mr/583' into maint-0.4.7 2022-06-02 16:09:56 -04:00
Mike Perry
89a273e7f7 Bug 40620: Changes file 2022-06-02 18:54:11 +00:00
Mike Perry
9769b77c9b Demote log message to info.
This log is harmless, and can be common at relays if clients are sending XOFF.
2022-06-02 18:48:14 +00:00
Alex Xu (Hello71)
36c714687b Fix dispatch_cfg_t comment 2022-05-31 16:15:14 -04:00
David Goulet
69e3b8bb84 Merge branch 'tor-gitlab/mr/567' 2022-05-24 15:24:48 -04:00
David Goulet
62f505efd8 Merge branch 'tor-gitlab/mr/566' 2022-05-24 13:10:14 -04:00
David Goulet
d18b118bcc Merge branch 'tor-gitlab/mr/568' 2022-05-24 13:09:36 -04:00
Alex Xu (Hello71)
87b2ce6f84 Trigger OOS on bind failures (fixes #40597) 2022-05-21 21:30:06 -04:00
David Goulet
4f038d224f Merge branch 'tor-gitlab/mr/489' 2022-05-16 08:51:00 -04:00
David Goulet
bae04e6a98 Merge branch 'tor-gitlab/mr/555' 2022-05-16 08:45:32 -04:00
David Goulet
0f7a1f0351 Merge branch 'tor-gitlab/mr/561' 2022-05-16 08:45:15 -04:00
David Goulet
2a4663fee8 Merge branch 'tor-gitlab/mr/562' 2022-05-16 08:43:42 -04:00
David Goulet
faced20ddf Merge branch 'tor-gitlab/mr/565' 2022-05-16 08:42:14 -04:00
David Goulet
c080d8b922 Merge branch 'tor-gitlab/mr/577' 2022-05-09 10:59:18 -04:00
Alexander Færøy
5f2b75aafd Merge branch 'maint-0.4.6' into maint-0.4.7 2022-05-09 14:37:26 +00:00
Alexander Færøy
20112c13ac Merge branch 'maint-0.4.7' 2022-05-09 14:37:26 +00:00
Alexander Færøy
4ba89c0ccc Merge branch 'maint-0.4.5' into maint-0.4.6 2022-05-09 14:37:26 +00:00
Alexander Færøy
c213c1b0d1 Add changes entry to tor!575.
See: tpo/core/tor#40601.
2022-05-09 14:35:42 +00:00
pmu-ipf
d422a66f87 sandbox: Permit rseq syscall as well
This was found to be necessary in conjunction with glibc 2.35 on Linux.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2022-05-09 14:17:22 +00:00
Nick Mathewson
853270a871 Merge remote-tracking branch 'tor-gitlab/mr/574' 2022-05-04 10:34:03 -04:00
Pierre Bourdon
42034ae9da changes: add entry for MR !574 2022-05-04 08:00:10 +02:00
Pierre Bourdon
eb0749d649 sandbox: replace SCMP_CMP_NEG with masked equality checks
For some syscalls the kernel ABI uses 32 bit signed integers. Whether
these 32 bit integer values are sign extended or zero extended to the
native 64 bit register sizes is undefined and dependent on the {arch,
compiler, libc} being used. Instead of trying to detect which cases
zero-extend and which cases sign-extend, this commit uses a masked
equality check on the lower 32 bits of the value.
2022-05-04 07:19:40 +02:00
Nick Mathewson
8d5692a2f7 Changes file for mr 569 2022-05-03 10:05:04 -04:00
Silvio Rhatto
f31d9cc3f9 Update man page on client auth revocation (#40418)
Revoking an Onion Service key does work with SIGHUP now.
The manual page is updated to reflect this change.
2022-05-03 10:37:32 -03:00
Pierre Bourdon
8fd13f7a7b sandbox: filter {chown,chmod,rename} via their *at variant on Aarch64
The chown/chmod/rename syscalls have never existed on AArch64, and libc
implements the POSIX functions via the fchownat/fchmodat/renameat
syscalls instead.

Add new filter functions for fchownat/fchmodat/renameat, not made
architecture specific since the syscalls exist everywhere else too.
However, in order to limit seccomp filter space usage, we only insert
rules for one of {chown, chown32, fchownat} depending on the
architecture (resp. {chmod, fchmodat}, {rename, renameat}).
2022-04-30 13:13:45 +02:00
Pierre Bourdon
531275b0f3 sandbox: fix openat filtering on AArch64
New glibc versions not sign-extending 32 bit negative constants seems to
not be a thing on AArch64. I suspect that this might not be the only
architecture where the sign-extension is happening, and the correct fix
might be instead to use a proper 32 bit comparison for the first openat
parameter. For now, band-aid fix this so the sandbox can work again on
AArch64.
2022-04-30 11:52:59 +02:00
Alex Xu (Hello71)
8f77db2842 test: Re-init pregenerated RSA keys for NSS only
Not revalidating keys on every fork speeds up make test from about 45 seconds
to 10 seconds with OpenSSL 1.1.1n and from 6 minutes to 10 seconds with OpenSSL
3.0.2.
2022-04-28 15:12:17 -04:00
Alex Xu (Hello71)
65ea7eed1f Remove broken MSVC support
MSVC compilation has been broken since at least 1e417b7275 ("All remaining
files in src/common belong to the event loop.") deleted
src/common/Makefile.nmake in 2018.
2022-04-27 23:09:44 -04:00
David Goulet
4259bc36af doc: Clarify the release process for a first stable
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-04-27 11:23:21 -04:00
David Goulet
fb4c80f7fb version: Bump version to 0.4.8.0-alpha-dev
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-04-27 11:15:25 -04:00
David Goulet
5345b43fb8 version: Bump to 0.4.7.7-dev
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-04-27 11:12:38 -04:00
David Goulet
8c39c664c2 ci: Add 0.4.7 series to scripts and CI
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-04-27 11:06:03 -04:00
Tor CI Release
929a90a24f version: Bump version to 0.4.7.7 2022-04-27 10:04:17 -04:00
Tor CI Release
3ca370c8b1 release: ChangeLog and ReleaseNotes for 0.4.7.7 2022-04-27 10:00:27 -04:00
Tor CI Release
06ed65bd85 fallbackdir: Update list generated on April 27, 2022 2022-04-27 09:41:38 -04:00
Tor CI Release
2270648baa Update geoip files to match ipfire location db, 2022/04/27. 2022-04-27 09:41:28 -04:00
Alex Xu (Hello71)
71b68f32eb Remove fallback-consensus rule
This rule has not been used since 4ead083dbc ("Do not ship a
fallback-consensus until the related bugs are fixed.") in 2008, and
fallback-consensus support was removed in f742b33d85 ("Drop
FallbackNetworkstatusFile; it never worked.").
2022-04-27 01:34:09 -04:00
Mike Perry
940e255fa8 Changes file for bug40598 2022-04-26 12:14:26 -04:00
Mike Perry
ed3399ab06 Bug 40598: Demote warn log about odd path lengths with congestion control. 2022-04-26 12:14:26 -04:00
Alex Xu (Hello71)
1a19f82a90 ci: install llvm-symbolizer 2022-04-26 10:13:46 -04:00
Alex Xu (Hello71)
160bf44c9b doc: fix out-of-tree build from git 2022-04-26 10:13:19 -04:00
Alex Xu (Hello71)
851f551dd7 geoip: make geoip_get_country_by_* STATIC
slightly simplifies code and reduces compiled size.
2022-04-23 02:48:32 -04:00
Alex Xu (Hello71)
15e95c3bda Use tor_event_free instead of event_del+tor_free
Using tor_free is wrong; event_free must be called for objects obtained from
event_new. Additionally, this slightly simplifies the code.

Also, add a static_assert to prevent further instances.
2022-04-20 00:14:25 -04:00