Age | Commit message | Author |
|
This reverts commit 9a06282546418b2e9d21559d4853bcf124b953f4.
It appears that I misunderstood how the seccomp2 filter rules
interact. It appears that `SCMP_ACT_ERRNO()` always takes
precedence over `SCMP_ACT_ALLOW()` -- I had thought instead that
earlier rules would override later ones. But this change caused bug
25115 (not in any released Tor).
|
Previously, most disallowed open(O_RDONLY) attempts would EACCES,
but others would fail with a crash.
|
Fixes ticket 24424. Patch from weasel.
|
(It can't fail because the tor_malloc*() family of functions can
never return NULL)
Found with STACK
|
'public/bug24198_029' into maint-0.3.2
|
There are three changes here:
* We need to allow epoll_pwait.
* We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
* We need to use openat() instead of open().
Note that this fix is not complete, since the openat() change is
turned off. The next commit will make the openat() change happen
when we're running glibc 2.26 or later.
Fix for 24315.
|
We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.
Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.
|
Sometimes when we call exit(), it's because the process is
completely hopeless: openssl has a broken AES-CTR implementation, or
the clock is in the 1960s, or something like that.
But sometimes, we should return cleanly from tor_main() instead, so
that embedders can keep embedding us and start another Tor process.
I've gone through all the exit() and _exit() calls to annotate them
with "exit ok" or "XXXX bad exit" -- the next step will be to fix
the bad exit()s.
First step towards 23848.
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
There are two reasons this is likeliest to happen -- no kernel
support, and some bug in Tor. We'll ask people to check the former
before they report. Closes 23090.
|
Fixes bug 20247. We started setting V6ONLY in 0.2.3.13-alpha and
added the sandbox on 0.2.5.1-alpha.
|
Fixes #22750.
|
This patch fixes a crash in our LZMA module where liblzma will allocate
slightly more data than it is allowed to by its limit, which leads to a
crash.
See: https://bugs.torproject.org/22751
|
Fixes bug 22516; bugfix on 0.2.5.4-alpha.
|
Increase the maximum allowed size passed to mprotect(PROT_WRITE)
from 1MB to 16MB. This was necessary with the glibc allocator
in order to allow worker threads to allocate more memory --
which in turn is necessary because of our new use of worker
threads for compression.
Closes ticket #22096. Found while working on #21648.
|
We hadn't needed this before, because most getpid() callers on Linux
were looking at the vDSO version of getpid(). I don't know why at
least one version of OpenSSL seems to be ignoring the vDSO, but this
change should fix it.
Fixes bug 21943; bugfix on 0.2.5.1-alpha when the sandbox was
introduced.
|
Patch from cypherpunks. Fixes bug 20710; bugfix on 0.2.5.5-alpha.
|
Permit sched_yield() and sigaltstack() in the sandbox.
Closes ticket 20063
|
Closes ticket 19942; patch from "cypherpunks"
|
It says, 'Incorrect expression (IDENTICAL_BRANCHES)'
Fix for CID 1364127. Not in any released Tor.
|
If we did not find a non-private IP address by iterating over interfaces,
we would try to get one via
get_interface_address6_via_udp_socket_hack(). This opens a datagram
socket with IPPROTO_UDP. Previously all our datagram sockets (via
libevent) used IPPROTO_IP, so we did not have that in the sandboxing
whitelist. Add (SOCK_DGRAM, IPPROTO_UDP) sockets to the sandboxing
whitelist. Fixes bug 19660.
|
Fixes #18397 which prevented tor starting with Sandbox 1.
|
I grepped and hand-inspected the "it's" instances, to see if any
were supposed to be possessive. While doing that, I found a
"the the", so I grepped to see if there were any more.
|