Opened 4 years ago

Closed 2 years ago

#16160 closed defect (worksforme)

seccomp sandbox does not work on arm

Reported by: ajs124 Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version: Tor: 0.2.6.9
Severity: Normal Keywords: seccomp
Cc: Actual Points:
Parent ID: Points: medium
Reviewer: Sponsor:

Description

Tor v0.2.6.8 as shipped by arch linux arm (armv6h/raspberry pi) crashes when the seccomp sandbox is enabled with the following error:

============================================================ T= 1432314730
(Sandbox) Caught a bad syscall attempt (syscall 289)
/usr/bin/tor(+0x13f734)[0xb6ee7734]
/usr/lib/libc.so.6(__send+0x1c)[0xb69ac7ec]
/usr/lib/libc.so.6(__send+0x1c)[0xb69ac7ec]

I started looking into the code and came up with the attached patch. Afterwards the error message is this:

============================================================ T= 1432331214
(Sandbox) Caught a bad syscall attempt (syscall eventfd2)
/usr/bin/tor(+0x1402e4)[0xb6ef02e4]
/usr/lib/libc.so.6(eventfd+0xc)[0xb696ca5c]
/usr/lib/libc.so.6(eventfd+0xc)[0xb696ca5c]
/usr/bin/tor(alert_sockets_create+0x98)[0xb6eda974]
/usr/bin/tor(replyqueue_new+0x3c)[0xb6ef43c4]
/usr/bin/tor(cpu_init+0xc4)[0xb6ea1360]
/usr/bin/tor(do_main_loop+0x358)[0xb6dd9cac]
/usr/bin/tor(tor_main+0x160)[0xb6ddb744]

Since I'm neither familiar with seccomp nor the tor codebase, this is where I gave up… I hope someone here can fix this.

Child Tickets

Attachments (1)

first_try.patch (392 bytes) - added by ajs124 4 years ago.

Download all attachments as: .zip

Change History (17)

Changed 4 years ago by ajs124

Attachment: first_try.patch added

comment:1 Changed 4 years ago by nickm

Keywords: seccomp 026-backport added
Milestone: Tor: 0.2.7.x-final

hmmm, this could be a bug in the sandbox code. I don't see anywhere that we enable eventfd(2) in the sandbox code...

comment:2 Changed 4 years ago by ajs124

Version: Tor: 0.2.6.7Tor: 0.2.6.9

comment:3 Changed 4 years ago by nickm

Keywords: PostFreeze027 added

I'd merge patches for these for 0.2.7 if they come in on time. In some cases, that will require figuring out an as-yet-unsolved bugs.

comment:4 Changed 4 years ago by nickm

Keywords: PostFreeze027 removed
Milestone: Tor: 0.2.7.x-finalTor: 0.2.8.x-final

Moving these tickets into 0.2.8. Not expecting to take patches for any into 0.2.7 at this late date. As usual, please say something if you disagree! :)

comment:5 Changed 4 years ago by ajs124

I tried fixing this again with 0.2.7.3-rc and now it fails with

sandbox_intern_string(): Bug: No interned sandbox parameter found for /var/lib/tor/keys/ed25519_signing_secret_key_encrypted (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)
sandbox_intern_string(): Bug: No interned sandbox parameter found for /var/lib/tor/keys/ed25519_signing_public_key (on Tor 0.2.7.3-rc 9a4cac74fd2f4bb3)
============================================================ T= 1443394504
(Sandbox) Caught a bad syscall attempt (syscall open)
/usr/bin/tor(+0x155334)[0x7f796334]
/usr/lib/libpthread.so.0(__open64+0x4c)[0xb6aa10ac]
/usr/lib/libpthread.so.0(__open64+0x4c)[0xb6aa10ac]
/usr/bin/tor(tor_open_cloexec+0x3c)[0x7f77b8ec]

comment:6 Changed 4 years ago by nickm

Milestone: Tor: 0.2.8.x-finalTor: 0.2.7.x-final

Hmmm. Does that work on x86?

comment:7 Changed 4 years ago by ajs124

Good question. It seems as if the seccomp sandbox does in fact work on x84_64 with 0.2.7.3-rc… No idea about x86_32.

comment:8 Changed 4 years ago by nickm

Keywords: 027-backport added; 026-backport removed
Milestone: Tor: 0.2.7.x-finalTor: 0.2.8.x-final

comment:9 Changed 4 years ago by nickm

Milestone: Tor: 0.2.8.x-finalTor: 0.2.9.x-final

It is impossible that we will fix all 226 currently open 028 tickets before 028 releases. Time to move some out. This is my second pass through the "new" and tickets, looking for things to move to 0.2.9.

comment:10 Changed 4 years ago by nickm

Points: medium
Severity: Normal

comment:11 Changed 4 years ago by isabela

Milestone: Tor: 0.2.9.x-finalTor: 0.2.???

tickets market to be removed from milestone 029

comment:12 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:13 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:14 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:15 Changed 2 years ago by nickm

Keywords: 027-backport removed

These are not ripe for an 027 backport

comment:16 Changed 2 years ago by nickm

Resolution: worksforme
Status: newclosed
Note: See TracTickets for help on using tickets.