"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/lib/sandbox/sandbox.c" between
tor-0.4.5.7.tar.gz and tor-0.4.5.8.tar.gz

About: Tor is an anonymous Internet communication system - a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.

sandbox.c (tor-0.4.5.7) : sandbox.c (tor-0.4.5.8)
skipping to change at line 1611
// add general filters // add general filters
for (i = 0; i < ARRAY_LENGTH(filter_nopar_gen); i++) { for (i = 0; i < ARRAY_LENGTH(filter_nopar_gen); i++) {
rc = seccomp_rule_add_0(ctx, SCMP_ACT_ALLOW, filter_nopar_gen[i]); rc = seccomp_rule_add_0(ctx, SCMP_ACT_ALLOW, filter_nopar_gen[i]);
if (rc != 0) { if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add syscall index %d (NR=%d), " log_err(LD_BUG,"(Sandbox) failed to add syscall index %d (NR=%d), "
"received libseccomp error %d", i, filter_nopar_gen[i], rc); "received libseccomp error %d", i, filter_nopar_gen[i], rc);
return rc; return rc;
} }
} }
if (is_libc_at_least(2, 33)) {
#ifdef __NR_newfstatat
// Libc 2.33 uses this syscall to implement both fstat() and stat().
//
// The trouble is that to implement fstat(fd, &st), it calls:
// newfstatat(fs, "", &st, AT_EMPTY_PATH)
// We can't detect this usage in particular, because "" is a pointer
// we don't control. And we can't just look for AT_EMPTY_PATH, since
// AT_EMPTY_PATH only has effect when the path string is empty.
//
// So our only solution seems to be allowing all fstatat calls, which
// means that an attacker can stat() anything on the filesystem. That's
// not a great solution, but I can't find a better one.
rc = seccomp_rule_add_0(ctx, SCMP_ACT_ALLOW, SCMP_SYS(newfstatat));
if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add newfstatat() syscall; "
"received libseccomp error %d", rc);
return rc;
}
#endif
}
return 0; return 0;
} }
/** /**
* Function responsible for setting up and enabling a global syscall filter. * Function responsible for setting up and enabling a global syscall filter.
* The function is a prototype developed for stage 1 of sandboxing Tor. * The function is a prototype developed for stage 1 of sandboxing Tor.
* Returns 0 on success. * Returns 0 on success.
*/ */
static int static int
install_syscall_filter(sandbox_cfg_t* cfg) install_syscall_filter(sandbox_cfg_t* cfg)
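Review bot: the example call in the new comment, `newfstatat(fs, "", &st, AT_EMPTY_PATH)`, should use `fd` as its first argument, matching the `fstat(fd, &st)` it is explaining. On the substance of the hunk: the added rule allows `newfstatat` with no argument filter at all, so once `is_libc_at_least(2, 33)` is true the sandbox no longer limits which filesystem paths the process can stat(); the comment's reasoning for this is sound (the empty path pointer is not under our control, and a filter on `AT_EMPTY_PATH` would not help because the flag only takes effect when the path is empty, so an arbitrary path with that flag set would still pass), but the resulting relaxation deserves a line in the sandbox documentation or changelog so operators know the stat restriction does not apply on these libc versions. Also worth a glance: when `__NR_newfstatat` is undefined the `if` body compiles to nothing, which is harmless but may be clearer with the `#ifdef` wrapping the whole `if`.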
End of changes. 1 change block.
0 lines changed or deleted, 22 lines changed or added.
