author Daniel Pinto <danielpinto52@gmail.com> 2020-07-01 23:51:39 +0100
committer Daniel Pinto <danielpinto52@gmail.com> 2020-07-20 22:30:13 +0100
commit d28bfb2cd5665c38bd14d6a72848209dcd66faf9 (patch)
tree ff8a5439840bea058a23ae26236b91926023d7af /changes/bug40020
parent c79b4397d3839b77e85ceccc5a948f58c9fe37e6 (diff)
Fix seccomp sandbox rules for opening directories #40020
Different versions of glibc use either open or openat for the opendir function. This commit adds logic to use the correct rule for each glibc version, namely:
- Until 2.14 open is used
- From 2.15 to 2.21 openat is used
- From 2.22 to 2.26 open is used
- From 2.27 onwards openat is used
Diffstat (limited to 'changes/bug40020')
-rw-r--r-- changes/bug40020 9
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/bug40020 b/changes/bug40020
new file mode 100644
index 0000000000..ca6ee2b85b
--- /dev/null
+++ b/changes/bug40020
@@ -0,0 +1,9 @@
+ o Minor bugfixes (linux seccomp2 sandbox):
+ - Makes the seccomp sandbox allow the correct syscall for opendir
+ according to the running glibc version. The opendir function
+ either uses open or openat but the current code does not
+ differenciate between opendir and open calls. This adds a new
+ seccomp sandbox rule for opendir. This fixes crashes when
+ reloading torrc with sandbox enabled when running on glibc
+ 2.15 to 2.21 and 2.26. Patch from Daniel Pinto. Fixes bug 40020;
+ bugfix on 0.3.5.11.
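Review bot: the affected versions given near the end of this entry, "glibc 2.15 to 2.21 and 2.26", do not match the ranges in the commit message, which lists openat for 2.15 to 2.21 and from 2.27 onwards and puts 2.26 in the open range. Please confirm which boundary is correct and make the changes entry and the commit message agree, since operators will use this line to decide whether their glibc is affected. Separately, "differenciate" should be spelled "differentiate", and "Makes the seccomp sandbox allow" would read better as "Make the seccomp sandbox allow" or "Allow".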