Opened 3 years ago

Closed 3 years ago

#19660 closed defect (implemented)

sandboxing backtrace on start

Reported by: weasel Owned by:
Priority: Medium Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version: Tor: 0.2.8.5-rc
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

On the maint 0.2.8 branch, starting tor with sandboxing and OrPort enabled causes a backtrace for me.

[git|maint-0.2.8] weasel@defiant:~/projects/tor/tor/bt$ make -j4 && ../bt/src/or/tor --SandBox 1 --OrPort 1930 --PublishServerDescriptor 0 --socksport 19050
[..]
Jul 10 21:14:50.001 [notice] Tor v0.2.8.5-rc-dev (git-a931d157fd5454f6) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1t and Zlib 1.2.8.
Jul 10 21:14:50.001 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jul 10 21:14:50.001 [notice] Configuration file "/usr/local/etc/tor/torrc" not present, using reasonable defaults.
Jul 10 21:14:50.003 [notice] Your ContactInfo config option is not set. Please consider setting it, so we can contact you if your server is misconfigured or something else goes wrong.
Jul 10 21:14:50.004 [notice] Based on detected system memory, MaxMemInQueues is set to 5914 MB. You can override this by setting MaxMemInQueues by hand.
Jul 10 21:14:50.004 [warn] Tor is running as an exit relay with the default exit policy. If you did not want this behavior, please set the ExitRelay option to 0. If you do want to run an exit Relay, please set the ExitRelay option to 1 to disable this warning, and for forward compatibility.
Jul 10 21:14:50.004 [warn] In a future version of Tor, ExitRelay 0 may become the default when no ExitPolicy is given.
Jul 10 21:14:50.004 [notice] Opening Socks listener on 127.0.0.1:19050
Jul 10 21:14:50.004 [notice] Opening OR listener on 0.0.0.0:1930
Jul 10 21:14:50.000 [notice] Configured to measure directory request statistics, but no GeoIP database found. Please specify a GeoIP database using the GeoIPFile option.
Jul 10 21:14:50.000 [notice] Your Tor server's identity key fingerprint is 'Unnamed A1B2A21EE24158A285AE84199040984E8530120D'
Jul 10 21:14:50.000 [notice] Bootstrapped 0%: Starting
Jul 10 21:14:50.000 [notice] Guessed our IP address as 86.59.30.37 (source: 86.59.21.38).

============================================================ T= 1468178090
(Sandbox) Caught a bad syscall attempt (syscall socket)
../bt/src/or/tor(+0x1504d6)[0x7f38ef7fa4d6]
/lib/x86_64-linux-gnu/libc.so.6(socket+0x7)[0x7f38ed9a39f7]
/lib/x86_64-linux-gnu/libc.so.6(socket+0x7)[0x7f38ed9a39f7]
../bt/src/or/tor(tor_open_socket_with_extensions+0x8e)[0x7f38ef7e361e]
../bt/src/or/tor(get_interface_address6_via_udp_socket_hack+0x8c)[0x7f38ef7dff3c]
../bt/src/or/tor(get_interface_address6_list+0x18e)[0x7f38ef7e035e]
../bt/src/or/tor(policies_parse_exit_policy_reject_private+0xf1)[0x7f38ef705c01]
../bt/src/or/tor(policies_parse_exit_policy+0x19f)[0x7f38ef70624f]
../bt/src/or/tor(policies_parse_exit_policy_from_options+0xba)[0x7f38ef70638a]
../bt/src/or/tor(router_build_fresh_descriptor+0x659)[0x7f38ef727c59]
../bt/src/or/tor(router_rebuild_descriptor+0xbd)[0x7f38ef727fcd]
../bt/src/or/tor(router_get_my_routerinfo+0x36)[0x7f38ef7280a6]
../bt/src/or/tor(+0x105095)[0x7f38ef7af095]
../bt/src/or/tor(+0x109298)[0x7f38ef7b3298]
../bt/src/or/tor(connection_dir_reached_eof+0x29)[0x7f38ef7b4db9]
../bt/src/or/tor(+0xea9fb)[0x7f38ef7949fb]
../bt/src/or/tor(+0x40a31)[0x7f38ef6eaa31]
/usr/lib/x86_64-linux-gnu/libevent-2.0.so.5(event_base_loop+0x7fc)[0x7f38eed333dc]
../bt/src/or/tor(do_main_loop+0x274)[0x7f38ef6eb9f4]
../bt/src/or/tor(tor_main+0x1b95)[0x7f38ef6ef155]
../bt/src/or/tor(main+0x19)[0x7f38ef6e74c9]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f38ed8dbb45]
../bt/src/or/tor(+0x3d519)[0x7f38ef6e7519]

Child Tickets

Change History (3)

comment:1 Changed 3 years ago by weasel

e1:[git|maint-0.2.8] weasel@defiant:~/projects/tor/tor/bt$ make -j4 >/dev/null &&  ../bt/src/or/tor --SandBox 1 --OrPort 1930 --PublishServerDescriptor 0 --socksport 19050 --log 'debug stdout' --address 86.59.30.37  2>&1 | egrep -i 'weasel:|sandbox'
Jul 10 21:35:24.000 [info] tor_main(): weasel: enabling sandboxing.
Jul 10 21:35:24.000 [info] tor_open_socket_with_extensions(): weasel: opening a socket with domain 2, type|flags 00000002|00080000 == 00080002, and proto 17
(Sandbox) Caught a bad syscall attempt (syscall socket)

comment:2 Changed 3 years ago by weasel

Status: newneeds_review

my bug19660 branch adds (SOCK_DGRAM, IPPROTO_UDP) to the sandboxing whitelist.

comment:3 Changed 3 years ago by nickm

Resolution: implemented
Status: needs_reviewclosed

Merged to maint-0.2.8!

Note: See TracTickets for help on using tickets.