[Whonix-devel] #25140 [Core Tor/Tor]: Parse only .torrc files in torrc.d directory
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat May 4 19:35:57 CEST 2019
#25140: Parse only .torrc files in torrc.d directory
-------------------------------------------------+-------------------------
Reporter: iry | Owner:
| Jigsaw52
Type: task | Status:
| needs_revision
Priority: High | Milestone: Tor:
| 0.4.1.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.3.3.1-alpha
Severity: Major | Resolution:
Keywords: 034-triage-20180328, | Actual Points:
035-removed-20180711 |
Parent ID: | Points:
Reviewer: ahf | Sponsor:
-------------------------------------------------+-------------------------
Comment (by Jigsaw52):
I was finally able to run Travis CI on my system and reproduce the
problem.
The crash when reloading the configuration file with seccomp sandbox
enabled was actually a bug that only happens with libc < 2.26. libc
versions before 2.26 did not use openat to open files but used it on
readdir. The previous seccomp rules for %included files and directories
allowed them to be opened, which added either the rule for openat or for
open, depending on your libc version. Because the initial %include sandbox
rules were only tested on libc >= 2.26, where everything used openat, this
was fine. When testing on libc < 2.26, only open (not openat) was allowed
for the %included files and directories. Because readdir, which will be
called for any %included directories, used openat, it caused tor to crash.
The fix was always adding the openat rule for %included directories
regardless of the libc version in use.
Additionally, another problem was found and fixed: when tor is compiled
with NSS, it will call getpeername and socket with some arguments that
were not allowed by the sandbox rules. This caused tor to crash on
startup. I've added the required rules and tor no longer crashes.
Also, I have mixed feelings on adding an automatic test for the seccomp
sandbox. While it is great that this functionally can now be tested
automatically (and it caught two bugs already), the seccomp sandbox is, by
its nature, very fragile and this test will easily break when people start
running on systems with different configurations. What do you think?
Should this test configuration enable the seccomp sandbox?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25140#comment:44>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the Whonix-devel
mailing list