diff options
author | Alexander Færøy <ahf@torproject.org> | 2021-11-08 14:12:22 +0000 |
---|---|---|
committer | Alexander Færøy <ahf@torproject.org> | 2021-11-08 14:12:22 +0000 |
commit | fe52c876522b74167f6bd288270d738083461b6b (patch) | |
tree | 68c201777a006557b00ff369a98928d044c5dad2 | |
parent | 32c45a8f94d855ed0eaadd652b9bb48c12bf8e1d (diff) | |
parent | 94d82baeecb31bdbba76403235f66aad8b6b7eb3 (diff) | |
download | tor-fe52c876522b74167f6bd288270d738083461b6b.tar.gz tor-fe52c876522b74167f6bd288270d738083461b6b.zip |
Merge remote-tracking branch 'tor-gitlab/mr/480' into main
-rw-r--r-- | changes/bug40505 | 5 | ||||
-rw-r--r-- | src/lib/sandbox/sandbox.c | 46 | ||||
-rw-r--r-- | src/test/test_sandbox.c | 9 |
3 files changed, 55 insertions, 5 deletions
diff --git a/changes/bug40505 b/changes/bug40505 new file mode 100644 index 0000000000..5aac2218b1 --- /dev/null +++ b/changes/bug40505 @@ -0,0 +1,5 @@ + o Minor bugfixes (sandbox): + - Fix the sandbox on i386 by modifying it to allow the + "clock_gettime64" and "statx" system calls and to filter the + "chown32" and "stat64" system calls in place of "chown" and + "stat", respectively. Fixes bug 40505; bugfix on 0.2.5.4-alpha.
\ No newline at end of file diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index aed7e3706f..a15f99ad76 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -152,7 +152,11 @@ static sandbox_cfg_t *filter_dynamic = NULL; static int filter_nopar_gen[] = { SCMP_SYS(access), SCMP_SYS(brk), +#ifdef __NR_clock_gettime64 + SCMP_SYS(clock_gettime64), +#else SCMP_SYS(clock_gettime), +#endif SCMP_SYS(close), SCMP_SYS(clone), SCMP_SYS(dup), @@ -248,6 +252,9 @@ static int filter_nopar_gen[] = { SCMP_SYS(sigreturn), #endif SCMP_SYS(stat), +#if defined(__i386__) && defined(__NR_statx) + SCMP_SYS(statx), +#endif SCMP_SYS(uname), SCMP_SYS(wait4), SCMP_SYS(write), @@ -599,6 +606,32 @@ sb_chmod(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return 0; } +#ifdef __i386__ +static int +sb_chown32(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + int rc; + sandbox_cfg_t *elem = NULL; + + // for each dynamic parameter filters + for (elem = filter; elem != NULL; elem = elem->next) { + smp_param_t *param = elem->param; + + if (param != NULL && param->prot == 1 && param->syscall + == SCMP_SYS(chown32)) { + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(chown32), + SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value)); + if (rc != 0) { + log_err(LD_BUG,"(Sandbox) failed to add chown32 syscall, received " + "libseccomp error %d", rc); + return rc; + } + } + } + + return 0; +} +#else static int sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { @@ -623,6 +656,7 @@ sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return 0; } +#endif /* defined(__i386__) */ /** * Function responsible for setting up the rename syscall for @@ -1270,7 +1304,11 @@ static sandbox_filter_func_t filter_func[] = { #ifdef __NR_mmap2 sb_mmap2, #endif +#ifdef __i386__ + sb_chown32, +#else sb_chown, +#endif sb_chmod, sb_open, sb_openat, @@ -1544,6 +1582,12 @@ new_element(int syscall, char *value) return new_element2(syscall, value, NULL); } +#ifdef __i386__ +#define SCMP_chown SCMP_SYS(chown32) +#else +#define SCMP_chown SCMP_SYS(chown) +#endif + #ifdef __NR_stat64 #define SCMP_stat SCMP_SYS(stat64) #else @@ -1594,7 +1638,7 @@ sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file) { sandbox_cfg_t *elem = NULL; - elem = new_element(SCMP_SYS(chown), file); + elem = new_element(SCMP_chown, file); elem->next = *cfg; *cfg = elem; diff --git a/src/test/test_sandbox.c b/src/test/test_sandbox.c index e5064c58ec..7ec08a3546 100644 --- a/src/test/test_sandbox.c +++ b/src/test/test_sandbox.c @@ -331,13 +331,14 @@ struct testcase_t sandbox_tests[] = { SANDBOX_TEST_IN_SANDBOX(rename_filename), /* Currently the sandbox is unable to filter stat() calls on systems where - * glibc implements this function using the legacy "stat" system call, or where - * glibc version 2.33 or later is in use and the newer "newfstatat" syscall is - * available. + * glibc implements this function using either of the legacy "stat" or "stat64" + * system calls, or (in glibc version 2.33 and later) either of the newer + * "newfstatat" or "statx" syscalls. * * Skip testing sandbox_cfg_allow_stat_filename() if it seems the likely the * function will have no effect and the test will therefore not succeed. */ -#if !defined(__NR_newfstatat) && (!defined(__NR_stat) || defined(__NR_stat64)) +#if !defined(__NR_stat) && !defined(__NR_stat64) && !defined(__NR_newfstatat) \ + && !(defined(__i386__) && defined(__NR_statx)) SANDBOX_TEST_IN_SANDBOX(stat_filename), #else SANDBOX_TEST_SKIPPED(stat_filename), |