Opened 4 months ago

Last modified 3 days ago

#24454 accepted defect

sandbox failure on arm64

Reported by: weasel Owned by: nickm
Priority: Medium Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor Version: Tor:
Severity: Normal Keywords: 033-must, crash, sandbox, 033-triage-20180320, 033-included-20180320
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


With #24424 fixed, Tor builds but it still does not run:

$ ./src/or/tor Sandbox 1
Nov 28 08:35:29.521 [notice] Tor (git-d499a5a708f7298b) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.0g, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.3.2.
Nov 28 08:35:29.521 [notice] Tor can't help you if you use it wrong! Learn how to be safe at
Nov 28 08:35:29.521 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Nov 28 08:35:29.521 [notice] Configuration file "/usr/local/etc/tor/torrc" not present, using reasonable defaults.
Nov 28 08:35:29.525 [notice] Scheduler type KIST has been enabled.
Nov 28 08:35:29.525 [notice] Opening Socks listener on
Nov 28 08:35:30.000 [notice] Bootstrapped 0%: Starting

============================================================ T= 1511858130
(Sandbox) Caught a bad syscall attempt (syscall unlinkat)

under strace:

$ strace -f ./src/or/tor DisableDebuggerAttachment 0 Sandbox 1
getpid()                                = 25468
getpid()                                = 25468
write(1, "Nov 28 08:36:05.000 [notice] Boo"..., 55Nov 28 08:36:05.000 [notice] Bootstrapped 0%: Starting
) = 55
unlinkat(AT_FDCWD, "/home/weasel/.tor/key-pinning-entries", 0) = -1 ENETDOWN (Network is down)
--- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0xffffa45d253c, si_syscall=__NR_unlinkat, si_arch=AUDIT_ARCH_AARCH64} ---
write(1, "\n==============================="..., 64
============================================================ T=) = 64
write(1, " 1511858165", 11 1511858165)             = 11
write(1, "\n", 1
)                       = 1
write(1, "(Sandbox) Caught a bad syscall a"..., 48(Sandbox) Caught a bad syscall attempt (syscall ) = 48


Change History (11)

comment:1 Changed 4 months ago by weasel

With this, it finally bootstraps.

--- /home/weasel/sandbox.c      2017-11-28 08:24:23.807897308 +0000                  
+++ src/common/sandbox.c        2017-11-28 08:40:18.205657824 +0000
@@ -258,7 +258,12 @@
-    SCMP_SYS(unlink)
+    SCMP_SYS(unlink),
+    SCMP_SYS(unlinkat),
+    SCMP_SYS(newfstatat),
+    SCMP_SYS(openat),
+    SCMP_SYS(ppoll),
+    SCMP_SYS(renameat)
 /* These macros help avoid the error where the number of filters we add on a
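Review bot: SCMP_SYS(openat), SCMP_SYS(renameat), SCMP_SYS(unlinkat) and SCMP_SYS(newfstatat) are added as bare entries next to SCMP_SYS(unlink), with no condition on their arguments, so each is permitted for any directory fd and any path. I would keep only SCMP_SYS(ppoll) in this list and give the path-taking calls their own argument-filtered rules, for example requiring the dirfd argument to equal AT_FDCWD and restricting the path where possible. A short comment saying why the *at variants are needed on this architecture would also help the next reader of this list.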

Note that I don't think this patch should be applied as is. (It allows openat unrestricted for instance.)

comment:2 Changed 4 months ago by catalyst

Milestone: Tor: 0.3.2.x-final

comment:3 Changed 4 months ago by nickm

Owner: set to nickm
Status: new → accepted

comment:4 Changed 3 months ago by nickm

Milestone: Tor: 0.3.2.x-final → Tor: 0.3.3.x-final

comment:5 Changed 4 weeks ago by nickm

Keywords: 033-maybe-must added

Mark some tickets as possibly belonging in 033-must.

comment:6 Changed 4 weeks ago by nickm

Keywords: 033-must added; 033-maybe-must removed

move 033-maybe-must into 033-must

comment:7 Changed 11 days ago by bundesgebaermutter

Will this also work on 32-bit ARM?

comment:8 Changed 3 days ago by nickm

Keywords: crash sandbox added

comment:9 Changed 3 days ago by nickm

So, we can allow unlinkat and newfstatat and ppoll without additional trouble. And I *hope* that the #24315 change will resolve the openat issue.

I have a branch bug24454_029, incorporating my patch for #25313, that allows these syscalls.

The renameat() issue is trickier, and might require that we reproduce some of the logic behind the openat() changes in #24315. Tell me, do you know what options the renameat() code in libc is using? Is it always passing AT_FDCWD like the openat() code uses, or is it doing something more complicated?
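
One way to answer the AT_FDCWD question from an `strace -f` capture, as an added example that is not part of the ticket or of Tor's code: the script collects every directory-fd argument passed to the *at syscalls and lists the calls that seccomp killed. The trace lines are constructed (only the unlinkat and SIGSYS lines follow the shape of the output in the ticket), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample trace. The "openat(5, ...)" line is invented to show
# what a non-AT_FDCWD call looks like; it is not taken from Tor.
SAMPLE = '''\
[pid 25468] openat(AT_FDCWD, "/home/user/.tor/state", O_RDONLY|O_CLOEXEC) = 7
openat(5, "cached-certs", O_RDONLY) = 8
renameat(AT_FDCWD, "/home/user/.tor/state.tmp", AT_FDCWD, "/home/user/.tor/state") = 0
unlinkat(AT_FDCWD, "/home/user/.tor/key-pinning-entries", 0) = -1 ENETDOWN (Network is down)
--- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0xffffa45d253c, si_syscall=__NR_unlinkat, si_arch=AUDIT_ARCH_AARCH64} ---
'''

# Zero-based positions of the directory-fd arguments in each syscall's
# signature; renameat takes two (olddirfd and newdirfd).
DIRFD_ARGS = {"openat": (0,), "unlinkat": (0,), "newfstatat": (0,),
              "renameat": (0, 2)}

CALL_RE = re.compile(r'^(?:\[pid\s+\d+\]\s+)?(\w+)\((.*)\)\s+=\s')
SIGSYS_RE = re.compile(r'^--- SIGSYS \{.*si_code=SYS_SECCOMP.*'
                       r'si_syscall=__NR_(\w+),\s*si_arch=(\w+)\}')
# One argument: a quoted string (commas inside it are kept) or a run of
# non-comma text. Struct arguments containing commas are not handled,
# which is fine here because no dirfd follows a struct.
ARG_RE = re.compile(r'\s*("(?:\\.|[^"\\])*"(?:\.\.\.)?|[^,]+)')


def analyze(trace):
    """Return ({syscall: set of dirfd values seen}, [(syscall, arch) killed])."""
    dirfds, killed = defaultdict(set), []
    for line in trace.splitlines():
        sig = SIGSYS_RE.match(line)
        if sig:
            killed.append((sig.group(1), sig.group(2)))
            continue
        call = CALL_RE.match(line)
        if call and call.group(1) in DIRFD_ARGS:
            args = ARG_RE.findall(call.group(2))
            for pos in DIRFD_ARGS[call.group(1)]:
                if pos < len(args):
                    dirfds[call.group(1)].add(args[pos].strip())
    return dict(dirfds), killed


def needs_more_than_fdcwd(dirfds):
    """Syscalls for which a rule pinning every dirfd to AT_FDCWD is too strict."""
    return sorted(n for n, seen in dirfds.items() if seen != {"AT_FDCWD"})
```

Run it over a capture taken with the sandbox disabled to see every dirfd value the process really uses; an empty result from `needs_more_than_fdcwd` means an AT_FDCWD-only rule would cover the traced run.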

comment:10 Changed 3 days ago by nickm

Keywords: 033-triage-20180320 added

Marking all tickets reached by current round of 033 triage.

comment:11 Changed 3 days ago by nickm

Keywords: 033-included-20180320 added

Mark 033-must tickets as triaged-in for 0.3.3
