Ticket #22794: seccomp-browser.c

File seccomp-browser.c, 2.7 KB (added by yawning, 15 months ago)

seccomp based test case.

Line 
1/*
2 * Run Tor Browser with seccomp rules to demonstrate #22794.
3 *
4 *  $ gcc seccomp-browser.c -o seccomp-browser -lseccomp
5 *  $ cp seccomp-browser wherever/tor-browser_en-US
6 *
7 *   <Set the appropriate env vars for an external tor process>
8 *
9 *  $ cd wherever/tor-browser_en-US
10 *  $ ./seccomp-browser
11 *
12 * Alternatively try `strace -ff -o /tmp/tbb.trace ./seccomp-browser`.
13 *
14 *  socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = ?
15 *  +++ killed by SIGSYS +++
16 *  (END)
17 */
18
19#include <stdio.h>
20#include <stdlib.h>
21#include <seccomp.h>
22#include <sys/types.h>
23#include <sys/socket.h>
24
25int main(int argc, char *argv[]) {
26  scmp_filter_ctx ctx;
27  int rc;
28
29  /*
30   * Check to see if the browser is configured to use AF_UNIX.
31   *
32   * Setting the prefs from inside the browser is inadequate for this,
33   * because the browser will fork/exec tor, and tor will get killed
34   * by the seccomp policy.
35   *
36   * Note: The appropriate settings depends on how your tor process is
37   * configured.  I'm not your mom, figure it out.
38   *
39   *  TOR_CONTROL_IPC_PATH=/var/run/tor/control
40   *  TOR_CONTROL_COOKIE_AUTH_FILE=/var/run/tor/control_auth_cookie
41   *  TOR_SOCKS_IPC_PATH=/var/run/tor/socks
42   *  TOR_SKIP_LAUNCH=1
43   */
44  if (getenv("TOR_SOCKS_IPC_PATH") == NULL) {
45    fprintf(stderr, "`TOR_SOCKS_IPC_PATH` is not set.\n");
46    return -1;
47  }
48  if (getenv("TOR_CONTROL_IPC_PATH") == NULL) {
49    fprintf(stderr, "`TOR_CONTROL_IPC_PATH` is not set.\n");
50    return -1;
51  }
52  if (getenv("TOR_CONTROL_COOKIE_AUTH_FILE") == NULL) {
53    fprintf(stderr, "`TOR_CONTROL_COOKIE_AUTH_FILE` is not set.\n");
54    return -1;
55  }
56  if (getenv("TOR_SKIP_LAUNCH") == NULL) {
57    fprintf(stderr, "`TOR_SKIP_LAUNCH` is not set.\n");
58    return -1;
59  }
60
61  /* Initialize a filter with an all permissive default. */
62  ctx = seccomp_init(SCMP_ACT_ALLOW);
63  if (ctx == NULL) {
64    fprintf(stderr, "seccomp_init() failed");
65    return -1;
66  }
67
68  /* Disallow socket(AF_INET, ...); */
69  rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1,
70                        SCMP_A0(SCMP_CMP_EQ, AF_INET));
71  if (rc < 0) {
72    perror("seccomp_rule_add");
73    return -1;
74  }
75
76  /* Disallow socket(AF_INET6, ...); */
77  rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(socket), 1,
78                        SCMP_A0(SCMP_CMP_EQ, AF_INET6));
79  if (rc < 0) {
80    perror("seccomp_rule_add");
81    return -1;
82  }
83
84  /* Load the filter. */
85#ifndef DISABLE_FILTER
86  rc = seccomp_load(ctx);
87  if (rc < 0) {
88    perror("seccomp_load");
89  }
90#endif
91
92  /* Dispose of the context, the filter is loaded and in effect. */
93  seccomp_release(ctx);
94
95  /* Launch the browser and wait for things to return. */
96  rc = system("Browser/start-tor-browser");
97  if (rc < 0) {
98    perror("system");
99  }
100
101  return 0;
102}