Ticket #16244: 0001-Fix-sandboxing-to-work-when-running-as-a-relay.patch

File 0001-Fix-sandboxing-to-work-when-running-as-a-relay.patch, 2.0 KB (added by weasel, 5 years ago)
  • new file changes/bug16244

    From 898b7ef67c9da4ab9f0b3b18d849ded8f08cc8aa Mon Sep 17 00:00:00 2001
    From: Peter Palfrader <peter@palfrader.org>
    Date: Tue, 2 Jun 2015 20:06:49 +0200
    Subject: [PATCH] Fix sandboxing to work when running as a relay
    
    This includes correctly allowing renaming secret_id_key and allowing the
    eventfd2 and futex syscalls.  Fixes bug 16244; bugfix on 0.2.6.1-alpha.
    ---
     changes/bug16244     | 7 +++++++
     src/common/sandbox.c | 2 ++
     src/or/main.c        | 2 +-
     3 files changed, 10 insertions(+), 1 deletion(-)
     create mode 100644 changes/bug16244
    
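diff --git a/changes/bug16244 b/changes/bug16244
new file mode 100644
index 0000000..00bc557
--- /dev/null
+++ b/changes/bug16244
@@ -0,0 +1,7 @@
+  o Minor bugfixes (sandbox, relay):
+    - Fix sandboxing to work when running as a relay again.  This
+      includes correctly allowing renaming secret_id_key and
+      allowing the eventfd2 and futex syscalls.
+      Fixes bug 16244; bugfix on 0.2.6.1-alpha.
+      Patch by Peter Palfrader.
+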
  • src/common/sandbox.c

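diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index a32bd0d..cdb4521 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -129,11 +129,13 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(clone),
     SCMP_SYS(epoll_create),
     SCMP_SYS(epoll_wait),
+    SCMP_SYS(eventfd2),
     SCMP_SYS(fcntl),
     SCMP_SYS(fstat),
 #ifdef __NR_fstat64
     SCMP_SYS(fstat64),
 #endif
+    SCMP_SYS(futex),
     SCMP_SYS(getdents64),
     SCMP_SYS(getegid),
 #ifdef __NR_getegid32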
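Review bot: The new entries `SCMP_SYS(eventfd2)` and `SCMP_SYS(futex)` go into `filter_nopar_gen` with no comment saying what needs them, and the array's name suggests its entries are allowed without any argument checks. If that reading is right, both calls become available with arbitrary arguments to the whole process, not only when it runs as a relay, so the reason should sit next to the entries, for example `/* eventfd2, futex: required when running as a relay, see bug 16244 */`. It would also help to record whether an argument-restricted rule for futex was considered, so a later audit of the allowlist does not have to rediscover that decision. The array starts and ends outside this hunk.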
  • src/or/main.c

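diff --git a/src/or/main.c b/src/or/main.c
index d0fe8cb..8aa9a15 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2984,7 +2984,7 @@ sandbox_init_filter(void)
   // orport
   if (server_mode(get_options())) {
 
-    OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", "tmp");
+    OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", ".tmp");
     OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key", ".tmp");
     OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key_ntor", ".tmp");
     OPEN_DATADIR2("keys", "secret_id_key.old");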
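Review bot: The suffix passed to `OPEN_DATADIR2_SUFFIX` is still a bare `".tmp"` literal repeated on three lines, with nothing tying it to the temporary file name the key-writing code actually uses. A mismatch such as the old `"tmp"` only shows up at runtime with the sandbox enabled in server mode, so a comment above the group would help, e.g. `/* suffix must match the temp file name used when these keys are replaced */`. The commit message also mentions allowing the rename of secret_id_key; any rename rule for that file lies outside this hunk, so it is worth confirming that it uses the same `.tmp` suffix. `sandbox_init_filter` begins and ends outside the hunk.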