Opened 5 years ago

Closed 5 years ago

#16244 closed defect (fixed)

(Sandbox) Unexpected syscalls on relay

Reported by: asn
Owned by:
Priority: Medium
Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor
Version:
Severity:
Keywords: tor-sandbox tor-relay
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


weasel reported the following sandbox warnings on his relay:

(Sandbox) Caught a bad syscall attempt (syscall eventfd2)
(Sandbox) Caught a bad syscall attempt (syscall open)

We should probably test the sandbox more thoroughly on relay-mode.
Here is the torrc used (to reproduce this):

Sandbox 1
PublishServerDescriptor 0
OrPort 9031

Attachments (1)

0001-Fix-sandboxing-to-work-when-running-as-a-relay.patch (2.0 KB) - added by weasel 5 years ago.

Change History (5)

comment:1 Changed 5 years ago by weasel

Status: new → needs_review

At least it seems to run now:

--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -129,11 +129,13 @@ static int filter_nopar_gen[] = {
+    SCMP_SYS(eventfd2),
 #ifdef __NR_fstat64
+    SCMP_SYS(futex),
 #ifdef __NR_getegid32
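Review bot: SCMP_SYS(futex) is added to filter_nopar_gen, but the warnings quoted in the ticket name only eventfd2 and open, so the commit message should say which relay code path needs futex. Both new entries are also placed directly before an #ifdef __NR_... guard rather than inside one, so it is worth confirming they build on every target where the neighbouring entries needed a guard. Going by the array's name, entries here are allowed with no argument checks; if futex or eventfd2 is only needed with a small set of arguments, a parameter-filtered rule would keep the allowlist tighter.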
diff --git a/src/or/main.c b/src/or/main.c
index d0fe8cb..8aa9a15 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2984,7 +2984,7 @@ sandbox_init_filter(void)
   // orport
   if (server_mode(get_options())) {
-    OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", "tmp");
+    OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", ".tmp");
     OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key", ".tmp");
     OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key_ntor", ".tmp");
     OPEN_DATADIR2("keys", "secret_id_key.old");
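Review bot: the one-character suffix mismatch on the secret_id_key line ("tmp" instead of ".tmp") is easy to miss because every OPEN_DATADIR2_SUFFIX call repeats the suffix as its own string literal; a single shared constant for the temp-file suffix would stop one entry from drifting away from its siblings. Since these paths are only registered under server_mode(get_options()), a relay-mode run with Sandbox 1 (the torrc from the ticket) should be part of testing so a wrong allowed path shows up before release.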

comment:2 Changed 5 years ago by weasel

Status: needs_review → needs_revision

comment:3 Changed 5 years ago by weasel

Status: needs_revision → needs_review

comment:4 Changed 5 years ago by nickm

Resolution: fixed
Status: needs_review → closed

Merged to 0.2.6 and later; thanks!