Opened 16 months ago

Last modified 12 months ago

#24339 new enhancement

(Sandbox) Caught a bad syscall attempt (syscall mprotect) (asan only)

Reported by: dgoulet
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: sandbox, 034-triage-20180328, 034-removed-20180328
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description (last modified by dgoulet)

Trace is:

/usr/lib/x86_64-linux-gnu/libasan.so.4(+0x558c0)[0x7f6e71f908c0]
/lib/x86_64-linux-gnu/libc.so.6(mprotect+0x7)[0x7f6e6fa6ccf7]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x13150)[0x7f6e70a72150]
/lib/x86_64-linux-gnu/libc.so.6(mprotect+0x7)[0x7f6e6fa6ccf7]
/lib/x86_64-linux-gnu/libpthread.so.0(pthread_create+0x89b)[0x7f6e70a6737b]
/usr/lib/x86_64-linux-gnu/libasan.so.4(pthread_create+0xf9)[0x7f6e71f72db9]
git/tor/src/or/tor(spawn_func+0x117)[0x55673b5a52c7]
git/tor/src/or/tor(threadpool_new+0x539)[0x55673b5a3499]
git/tor/src/or/tor(cpu_init+0xb7)[0x55673b485917]
git/tor/src/or/tor(do_main_loop+0x7fa)[0x55673b1a047a]
git/tor/src/or/tor(tor_main+0x143d)[0x55673b1a579d]
git/tor/src/or/tor(main+0x1c)[0x55673b1922bc]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f6e6f97f1c1]
git/tor/src/or/tor(_start+0x2a)[0x55673b1940ba]

strace shows me:

20085 mprotect(0x7f6e6b9bf000, 8388608, PROT_READ|PROT_WRITE) = 10
20085 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x7f6e6fa6ccf7, si_syscall=__NR_mprotect, si_arch=AUDIT_ARCH_X86_64} ---

Basically, our sandbox doesn't allow PROT_READ|PROT_WRITE. Libc is 2.26.

Change History (8)

comment:1 Changed 16 months ago by dgoulet

Description: modified (diff)

comment:2 Changed 16 months ago by nickm

Does this only happen with asan enabled, or does it happen without?

comment:3 Changed 16 months ago by nickm

Milestone: Tor: 0.3.2.x-final → Tor: 0.3.3.x-final

Assuming it's asan-only, deferring this to 0.3.3. But please move back if it happens without asan.

comment:4 Changed 16 months ago by dgoulet

Only libasan, yes.

comment:5 Changed 14 months ago by ahf

Milestone: Tor: 0.3.3.x-final → Tor: 0.3.4.x-final
Summary: (Sandbox) Caught a bad syscall attempt (syscall mprotect) → (Sandbox) Caught a bad syscall attempt (syscall mprotect) (asan only)
Type: defect → enhancement

Moving to 0.3.4

comment:6 Changed 12 months ago by nickm

Keywords: 034-triage-20180328 added

comment:7 Changed 12 months ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:8 Changed 12 months ago by nickm

Milestone: Tor: 0.3.4.x-final → Tor: unspecified

These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.
