author | Daniel Pinto <danielpinto52@gmail.com> | 2020-11-13 01:08:56 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2020-12-08 15:00:43 -0500 |
commit | bd0046c9ec5bf6556d4ecf6b111b0de4c0266ebd (patch) | |
tree | 0f4dbe1bae43e053e49c9cee5865bdaff20f0116 /src/lib | |
parent | baef0843a424116026f3f97185dae89271903041 (diff) | |
Avoid sandbox bug warning when unglobbing patterns #40094
Adds a more user-friendly error message when the configuration is
reloaded and a new %include is added that makes its unglobbing
access files/folders not allowed by the seccomp sandbox.
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/fs/conffile.c | 6 | ||||
-rw-r--r-- | src/lib/fs/path.c | 15 |
2 files changed, 20 insertions, 1 deletions
diff --git a/src/lib/fs/conffile.c b/src/lib/fs/conffile.c index acd8dfb8cc..0d0bdf09a6 100644 --- a/src/lib/fs/conffile.c +++ b/src/lib/fs/conffile.c @@ -23,6 +23,7 @@ #include "lib/string/printf.h" #include <stdbool.h> +#include <errno.h> static smartlist_t *config_get_file_list(const char *path, smartlist_t *opened_files); @@ -68,6 +69,11 @@ expand_glob(const char *pattern, smartlist_t *opened_files) smartlist_t *matches = tor_glob(pattern); if (!matches) { + if (errno == EPERM) { + log_err(LD_CONFIG, "Sandbox is active, but the configuration pattern " + "\"%s\" listed with %%include would access files or folders not " + "allowed by it. Cannot proceed.", pattern); + } return NULL; } diff --git a/src/lib/fs/path.c b/src/lib/fs/path.c index 2eef4bded7..af421d0413 100644 --- a/src/lib/fs/path.c +++ b/src/lib/fs/path.c @@ -537,6 +537,10 @@ unglob_win32(const char *pattern, int prev_sep, int next_sep) static DIR * prot_opendir(const char *name) { + if (sandbox_interned_string_is_missing(name)) { + errno = EPERM; + return NULL; + } return opendir(sandbox_intern_string(name)); } @@ -544,6 +548,10 @@ prot_opendir(const char *name) static int prot_stat(const char *pathname, struct stat *buf) { + if (sandbox_interned_string_is_missing(pathname)) { + errno = EPERM; + return -1; + } return stat(sandbox_intern_string(pathname), buf); } @@ -551,6 +559,10 @@ prot_stat(const char *pathname, struct stat *buf) static int prot_lstat(const char *pathname, struct stat *buf) { + if (sandbox_interned_string_is_missing(pathname)) { + errno = EPERM; + return -1; + } return lstat(sandbox_intern_string(pathname), buf); } /** As closedir, but has the right type for gl_closedir */ 
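Review bot: The `errno == EPERM` test added to expand_glob reads errno without it having been cleared before `tor_glob(pattern)`, so a NULL return for an unrelated reason can pick up a stale EPERM and log the sandbox message for a failure the sandbox did not cause. Putting `errno = 0;` immediately before `smartlist_t *matches = tor_glob(pattern);` would tie the check to this call only. An EPERM that comes from the operating system rather than from the prot_* wrappers takes the same branch, so the text "Sandbox is active" is only accurate if something else guarantees that; operators triaging a failed reload will take that log line at face value. Any cleanup inside tor_glob after the failing access could also overwrite errno, but that code and the rest of expand_glob's body lie outside this hunk.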
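Review bot: The guards added to prot_opendir, prot_stat and prot_lstat make the wrappers fail closed with an EPERM that is synthesized in user space, but nothing at the definitions records that contract. The doc comment above each wrapper starts outside these hunks; it should gain a sentence such as `Fails with errno set to EPERM, without calling the underlying function, when the sandbox has no interned entry for the path.` in all three places. Without it, a later reader cannot tell from the wrapper that an EPERM seen by tor_glob's callers may never have reached the kernel. The guard is identical in the three hunks, so the comment wording should be kept identical too.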
@@ -563,7 +575,8 @@ wrap_closedir(void *arg) /** Return a new list containing the paths that match the pattern * <b>pattern</b>. Return NULL on error. On POSIX systems, errno is set by the - * glob function. + * glob function or is set to EPERM if glob tried to access a file not allowed + * by the seccomp sandbox. */ struct smartlist_t * tor_glob(const char *pattern) |