Opened 6 years ago

Closed 6 years ago

#12043 closed defect (fixed)

Stack Trace at SIGTERM when using Sandbox and obfsproxy

Reported by: alphawolf Owned by:
Priority: Medium Milestone: Tor: 0.2.5.x-final
Component: Core Tor/Tor Version: Tor:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Tor built from git (git-767b18ea8eebc2c0), with configure options to mimic Debian packaging. When running as a bridge with obfsproxy and sandbox enabled, SIGTERM causes a stack trace. Also, obfsproxy does not exit and must be killed manually. Without sandbox, obfsproxy closes with tor.

May 19 01:48:11.000 [notice] Catching signal TERM, exiting cleanly.

============================================================ T= 1400478491
(Sandbox) Caught a bad syscall attempt (syscall kill)


DataDirectory /var/lib/tor
PidFile /var/run/tor/
RunAsDaemon 1
User debian-tor

ControlSocket /var/run/tor/control
ControlSocketsGroupWritable 1

CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor/control.authcookie

Log notice file /var/log/tor/log


ORPort 9001
#Nickname Test
#DirPort 9030

ExitPolicy reject *:* # no exits allowed

BridgeRelay 1
ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
ExtORPort auto

PublishServerDescriptor 0

Sandbox 1

OS: Debian Jessie
kernel: 3.13-1-amd64
libseccomp-dev: 2.1.1-1
obfsproxy: 0.2.8-1

Child Tickets

Change History (3)

comment:1 Changed 6 years ago by alphawolf

Summary: Stack Trace at SIGTERM when using Sanbox and obfsproxyStack Trace at SIGTERM when using Sandbox and obfsproxy

s/Sanbox/Sandbox/ in title...

comment:2 Changed 6 years ago by nickm

I think that the right solution for 0.2.5 is to say that managed proxies aren't supported with sandboxing; we can't expect them to work at all, since even if we do successfully launch them, the sandbox will keep them from calling most of the functions they might want to call.

comment:3 Changed 6 years ago by nickm

Resolution: fixed
Status: newclosed

Should be fixed in 465982012c69e78986d421604d27afd6ecbe70f6 , by refusing to try to use managed proxies or port-forwarding plugins when the sandbox is enabled. Please reopen if it doesn't work. :)

Note: See TracTickets for help on using tickets.