Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#22853 closed defect (fixed)

Something in selfrando is totally braindamaged.

Reported by: yawning Owned by: yawning
Priority: Medium Milestone:
Component: Archived/Tor Browser Sandbox Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Reported on the blog at: https://blog.torproject.org/comment/269741#comment-269741

Root cause:

openat(AT_FDCWD, "/proc/self/environ", O_RDONLY) = -1 ENOENT (No such file or directory)
read(-2, 0x7ffc35bb47e0, 32)            = -1 EBADF (Bad file descriptor)
read(-2, 0x7ffc35bb47e0, 32)            = -1 EBADF (Bad file descriptor)
read(-2, 0x7ffc35bb47e0, 32)            = -1 EBADF (Bad file descriptor)
read(-2, 0x7ffc35bb47e0, 32)            = -1 EBADF (Bad file descriptor)
read(-2, 0x7ffc35bb47e0, 32)            = -1 EBADF (Bad file descriptor)
read(-2, 0x7ffc35bb47e0, 32)            = -1 EBADF (Bad file descriptor)
read(-2, 0x7ffc35bb47e0, 32)            = -1 EBADF (Bad file descriptor)
read(-2, 0x7ffc35bb47e0, 32)            = -1 EBADF (Bad file descriptor)

... (repeat ad infinitum)

So, fallout from #20773.

Change History (3)

comment:2 Changed 2 years ago by yawning

Summary: Something in Ubuntu's libraries is totally brain damaged. → Something in selfrando is totally braindamaged.

This bothered me so I dug into it a bit more. This is a selfrando bug.

https://github.com/immunant/selfrando/blob/master/src/RandoLib/posix/bionic/upstream-openbsd/getenv.c#L56

    int fd = _TRaP_libc_open("/proc/self/environ", O_RDONLY);
    if (fd == -1)
        return;

https://github.com/immunant/selfrando/blob/master/src/RandoLib/posix/bionic/arch-x86_64/syscalls/__openat.S

    #include <private/bionic_asm.h>

    ENTRY(__openat)
        movq    %rcx, %r10
    #ifdef __NR_openat
        movl    $__NR_openat, %eax
        syscall
    #else
        mov     $-ENOSYS, %eax
    #endif
        ret
    END(__openat)
    .hidden _TRaP_libc___openat

errno is a libc-ism, and syscalls return everything via %rax. So the check for success should be if (fd < 0).
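
The return-value mismatch described in comment:2, as an added example (not selfrando's code and not part of the ticket): a raw `openat` hands back `-errno` in the return register, so a missing file yields -2 (`-ENOENT`), which `fd == -1` lets through and `fd < 0` catches. The helper names and the constructed path are assumptions; Linux is assumed, with a direct `syscall` instruction on x86_64 and a libc-based emulation of the same convention elsewhere.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Raw openat(2): returns the fd, or -errno, exactly as the kernel leaves it
 * in the return register. No libc wrapper translates it to -1 + errno. */
static long raw_openat(int dirfd, const char *path, int flags)
{
#if defined(__linux__) && defined(__x86_64__)
    long ret;
    register long r10 __asm__("r10") = 0; /* mode, unused without O_CREAT */
    __asm__ volatile("syscall"
                     : "=a"(ret)
                     : "a"((long)SYS_openat), "D"((long)dirfd), "S"(path),
                       "d"((long)flags), "r"(r10)
                     : "rcx", "r11", "memory");
    return ret;
#else
    /* Other architectures: emulate the kernel convention on top of libc. */
    long ret = syscall(SYS_openat, dirfd, path, flags, 0);
    return ret == -1 ? -(long)errno : ret;
#endif
}

/* The check quoted from getenv.c: only -1 (which is -EPERM) is an error. */
static int buggy_is_error(long fd) { return fd == -1; }

/* The check the ticket asks for: every negative return is -errno. */
static int fixed_is_error(long fd) { return fd < 0; }

/* Constructed path that cannot exist, standing in for the
 * /proc/self/environ open that failed with ENOENT in the trace. */
static long open_missing(void)
{
    return raw_openat(AT_FDCWD, "/nonexistent-demo-dir/environ", O_RDONLY);
}

int main(void)
{
    long fd = open_missing();
    printf("raw openat returned %ld (-ENOENT is %d)\n", fd, -ENOENT);
    printf("buggy check sees error: %d\n", buggy_is_error(fd));
    printf("fixed check sees error: %d\n", fixed_is_error(fd));
    return 0;
}
```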

comment:3 Changed 2 years ago by yawning

https://github.com/immunant/selfrando/commit/c619441e1ceec3599bc81bf9bbaf4d17c68b54b7#commitcomment-22980180

Fixed in upstream. Under the assumption that all subsequent Tor Browser builds will have a newer SelfRando, I went and limited the workaround to "alphas <= 7.5a2".
