Opened 4 years ago

Closed 4 years ago

#16515 closed defect (fixed)

tor_open_cloexec only uses the sandbox when O_CLOEXEC is defined

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor Version: Tor: 0.2.3.1-alpha
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In tor_open_cloexec, the sandbox_intern_string call is inside #ifdef O_CLOEXEC.

This means that we only use the sandbox if O_CLOEXEC is defined, which I doubt is the desired behaviour.

Bug from 0.2.3.1-alpha.
Fix branch coming soon.

Child Tickets

Change History (8)

comment:1 Changed 4 years ago by teor

Branch: bug16515-sandbox-cloexec
Repository: https://github.com/teor2345/tor.git
Always use the sandbox in tor_open_cloexec, whether or not O_CLOEXEC is defined.

comment:2 Changed 4 years ago by teor

I'm pretty sure this should be backported to 0.2.6 and 0.2.5 (if we're releasing it again?).

comment:3 Changed 4 years ago by teor

Priority: majornormal

comment:4 Changed 4 years ago by teor

Status: newneeds_review

comment:5 Changed 4 years ago by teor

This issue only affects old systems without O_CLOEXEC.

comment:6 Changed 4 years ago by teor

This issue only affects old systems without O_CLOEXEC, and with seccomp. (Are there any of these?)

comment:7 Changed 4 years ago by nickm

I don't think there are any such systems that have seccomp2 (added around Linux 3.5) but lack O_CLOEXEC (added in 2.6.23). Still, I think the patch makes the code cleaner, so it's worth taking in master.

comment:8 Changed 4 years ago by nickm

Keywords: backport removed
Milestone: Tor: 0.2.7.x-final
Resolution: fixed
Status: needs_reviewclosed

Merged; thanks!

Note: See TracTickets for help on using tickets.