Opened 5 months ago

Closed 5 months ago

#21943 closed defect (fixed)

(Sandbox) Caught a bad syscall attempt (syscall getpid)

Reported by: ageisp0lis
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor
Version: Tor: 0.2.9.10
Severity: Normal
Keywords: sandbox seccomp2 getpid 029-backport 030-backport AffectsTails
Cc:
Actual Points: .1
Parent ID:
Points: .1
Reviewer:
Sponsor:

Description

Tor version: 0.2.9.10-1
Debian sid 4.9.0-2-amd64

(Sandbox) Caught a bad syscall attempt (syscall getpid)
/usr/bin/tor(+0x16146a)[0x560e7566046a]
/lib/x86_64-linux-gnu/libc.so.6(getpid+0x7)[0x7fab93288d87]
/lib/x86_64-linux-gnu/libc.so.6(getpid+0x7)[0x7fab93288d87]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(+0x18ca17)[0x7fab93d60a17]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(+0xc7471)[0x7fab93c9b471]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(BN_generate_prime_ex+0x4f7)[0x7fab93c9a577]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(RSA_generate_key_ex+0x177)[0x7fab93d67e97]
/usr/bin/tor(crypto_pk_generate_key_with_bits+0xb5)[0x560e75666e15]
/usr/bin/tor(init_keys_client+0x39)[0x560e75582ef9]
/usr/bin/tor(init_keys+0x3c)[0x560e7558738c]
/usr/bin/tor(do_main_loop+0x4f)[0x560e7554267f]
/usr/bin/tor(tor_main+0x1c25)[0x560e75546295]
/usr/bin/tor(main+0x19)[0x560e7553e2a9]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7fab931f02b1]
/usr/bin/tor(_start+0x2a)[0x560e7553e2fa]

Change History (9)

comment:1 Changed 5 months ago by arma

Component: - Select a component → Core Tor/Tor

comment:2 Changed 5 months ago by nickm

Keywords: seccomp2 getpid added
Milestone: Tor: 0.3.1.x-final

What version of OpenSSL were you using?

comment:3 Changed 5 months ago by nickm

Owner: set to nickm
Points: .1
Status: new → accepted

comment:4 Changed 5 months ago by nickm

Actual Points: .1
Keywords: 029-backport 030-backport added

My branch bug21943_029 fixes this, I believe. I think the reason we haven't run into this before is that most getpid() callers on Linux use the vdso version of getpid() rather than the syscall. I don't know why this particular version of openssl is doing the syscall instead, but the patch should fix it.

Possible backport.
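
The failure mode discussed in comment:4, as an added example that is not part of the ticket or of Tor's code: a minimal seccomp-bpf allowlist, written directly against the Linux seccomp API, under which a raw getpid syscall is trapped with SIGSYS until a rule for it is present. The function name raw_getpid_under_filter and the two-entry allowlist are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <signal.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added illustration, not Tor's sandbox code. Forks a child, installs a
 * minimal seccomp-bpf allowlist in it, then issues getpid as a raw syscall.
 * Returns 0 if the call succeeded, 1 if the child died from SIGSYS, -1 on
 * setup failure. A production filter would also check seccomp_data.arch. */
int raw_getpid_under_filter(int allow_getpid)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* exit_group is always allowed so the child can terminate. */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 2, 0),
        /* getpid: allowed only when the allowlist rule is present. */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getpid, 0, 2),
        BPF_STMT(BPF_RET | BPF_K,
                 allow_getpid ? SECCOMP_RET_ALLOW : SECCOMP_RET_TRAP),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP), /* default: not listed */
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog))
            _exit(2);
        /* syscall() skips any libc wrapper logic and always enters the kernel. */
        _exit(syscall(SYS_getpid) > 0 ? 0 : 3);
    }
    int status;
    if (waitpid(child, &status, 0) != child) return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return 1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    printf("getpid missing from allowlist: %d\n", raw_getpid_under_filter(0));
    printf("getpid on allowlist:           %d\n", raw_getpid_under_filter(1));
    return 0;
}
```

A syscall that is reached only through one library code path, as in the backtrace above, stays invisible to an allowlist until that path actually runs under the filter.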

comment:5 Changed 5 months ago by nickm

Status: accepted → needs_review

comment:6 Changed 5 months ago by anonym

Keywords: AffectsTails added

This affects Tails: in our automated test suite setup, this prevents all Chutney nodes from starting (unless we disable sandboxing in torrc_templates/common.i). A backport to 3.x would be appreciated!

comment:7 Changed 5 months ago by nickm

anonym: Can you confirm that this patch fixes it for you?

comment:8 Changed 5 months ago by dgoulet

Status: needs_review → merge_ready

lgtm;

comment:9 Changed 5 months ago by nickm

Milestone: Tor: 0.3.1.x-final → Tor: 0.2.9.x-final
Resolution: fixed
Status: merge_ready → closed

Merged to 0.2.9 and forwards. Thanks!
