Opened 7 weeks ago

Last modified 6 weeks ago

#29659 needs_review defect

WARNING torsocks[6254]: [syscall] Unsupported syscall number 39. Denying the call (in tsocks_syscall() at syscall.c:605)

Reported by: tu8367 Owned by: dgoulet
Priority: Medium Milestone:
Component: Core Tor/Torsocks Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Following the suggestion to make a ticket at https://stackoverflow.com/questions/46634215/torsocks-and-unsupported-syscalls, which is about a non related issue:

The below warning is with torsocks 2.3.0:

WARNING torsocks[6254]: [syscall] Unsupported syscall number 39. Denying the call (in tsocks_syscall() at syscall.c:605)

Child Tickets

TicketStatusOwnerSummaryComponent
#29769newdgoulet[syscall] Unsupported syscall number 316. Denying the call (in tsocks_syscall() at syscall.c:615)Core Tor/Torsocks

Change History (8)

comment:1 Changed 7 weeks ago by teor

Component: Core TorCore Tor/Torsocks
Owner: set to dgoulet
Version: Tor: 0.3.5.8

comment:2 Changed 7 weeks ago by onirony

Status: newneeds_information

That is my StackOverflow answer! I'm glad it's leading people to the right place.

Are you on 64bit Linux? If so, syscall 39 is https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/sys.c#n882. I can't conceive of this system call being problematic (although someone please correct me if I'm missing something), and the patch should be straightforward. I'll get started on it tomorrow and update here when it's ready.

Thanks for taking the time to report this!

comment:3 Changed 7 weeks ago by dgoulet

Indeed... the getpid() syscall (39 on 64 bit) is harmless. We can easily whitelist it.

comment:4 Changed 6 weeks ago by onirony

Status: needs_informationneeds_review

Thanks dgoulet, here's a patch for this on Gitlab: https://gitlab.com/seisvelas/torsocks/tree/fix_getpid

And the commit itself:
https://gitlab.com/seisvelas/torsocks/commit/54db444d70b3307546e87c32658c58953a2b11b3

I tested this on 64bit Ubuntu with the following code:

#include <unistd.h>
#include <stdio.h>

int main(void) {
        printf("%d\n", (int)syscall(39)); // lazy
        return 0;
}

With standard Torsocks, I reproduced tu8367's error:

me@myDesktop:~$ torsocks ./a.out 
1552119175 WARNING torsocks[2784]: [syscall] Unsupported syscall number 39. Denying the call (in tsocks_syscall() at syscall.c:605)
-1

Then, applying my patch, it works:

me@myDesktop:~$ git clone -q -b fix_getpid https://gitlab.com/seisvelas/torsocks.git

... build Torsocks ...

me@myDesktop:~$ torsocks ./a.out
8837

Success! Let me know if I need to modify anything before the patch can be accepted!

comment:5 Changed 6 weeks ago by tu8367

Thank you.
I am on 64bit Linux.
I have compiled torsocks with this getpid patch. The application works with it. But I am not sure about the exact circumstances the application turned that warning on in the first place. I can not test torsocks with the application at that same circumstances again. Neither I can test it in other circumstances where I am sure it will call getpid(). The best I can offer is to wait a couple of months, and if the warning doesn't turned on again I will assume similar circumstances were there during that time, and the patch managed to do its work.
I guess that your analysis of the getpid system call can't conceivebly being problematic, and the simple test you run, might serve as other considerations for the correctness of the patch.

comment:6 in reply to:  5 ; Changed 6 weeks ago by onirony

Replying to tu8367:

I have compiled torsocks with this getpid patch. The application works with it. But I am not sure about the exact circumstances the application turned that warning on in the first place. I can not test torsocks with the application at that same circumstances again.

If the application is open source and you tell me the name, I can exegesize the application's source code and find out exactly how/when it calls getpid and thereby learn how to recreate the error exactly.

But I'm fairly confident you won't see this error again for this syscall using my patch :)

comment:7 Changed 6 weeks ago by tu8367

Last edited 6 weeks ago by tu8367 (previous) (diff)

comment:8 in reply to:  6 Changed 6 weeks ago by tu8367

Replying to onirony:

Replying to tu8367:

I have compiled torsocks with this getpid patch. The application works with it. But I am not sure about the exact circumstances the application turned that warning on in the first place. I can not test torsocks with the application at that same circumstances again.

If the application is open source and you tell me the name, I can exegesize the application's source code and find out exactly how/when it calls getpid and thereby learn how to recreate the error exactly.

But I'm fairly confident you won't see this error again for this syscall using my patch :)

Either pacman, or pacmatic. I am not sure which one I used when the warning appeared. pacman is the native archlinux package manager. pacmatic is a wrapper for pacman.

Note: See TracTickets for help on using tickets.