mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 21:23:58 +01:00
f5acfe6723
This change permits the newfstatat() system call, and fixes issues
40382 (and 40381).
This isn't a free change. From the commit:
// Libc 2.33 uses this syscall to implement both fstat() and stat().
//
// The trouble is that to implement fstat(fd, &st), it calls:
// newfstatat(fs, "", &st, AT_EMPTY_PATH)
// We can't detect this usage in particular, because "" is a pointer
// we don't control. And we can't just look for AT_EMPTY_PATH, since
// AT_EMPTY_PATH only has effect when the path string is empty.
//
// So our only solution seems to be allowing all fstatat calls, which
// means that an attacker can stat() anything on the filesystem. That's
// not a great solution, but I can't find a better one.
7 lines
356 B
Plaintext
7 lines
356 B
Plaintext
o Minor features (compatibility, Linux seccomp sandbox):
|
|
- Add a workaround to enable the Linux sandbox to work correctly
|
|
on systems running Glibc 2.33. These versions have started
|
|
using the fstatat() system call, which previously our sandbox did not
|
|
allow.
|
|
Closes ticket 40382; see the ticket for a discussion of tradeoffs.
|