tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit 0e5378feeca5d67b7e8f5550eaf7fcd87b8f59ea
parent 46796623f995c5b63d5cfbda1a038d9f6158ec90
Author: Nick Mathewson <nickm@torproject.org>
Date:   Mon, 12 Nov 2018 08:23:58 -0500

seccomp2: Add "shutdown" to the list of permitted system calls.

We don't use this syscall, but openssl apparently does.

(This syscall puts a socket into a half-closed state. Don't worry:
It doesn't shut down the system or anything.)

Fixes bug 28183; bugfix on 0.2.5.1-alpha where the sandbox was
introduced.

Diffstat:

Achanges/bug28183 | 4++++


Msrc/common/sandbox.c | 2+-


2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/changes/bug28183 b/changes/bug28183
@@ -0,0 +1,4 @@
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Permit the "shutdown()" system call, which is apparently
+      used by OpenSSL under some circumstances. Fixes bug 28183;
+      bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
@@ -205,6 +205,7 @@ static int filter_nopar_gen[] = {
 #ifdef __NR_setrlimit
     SCMP_SYS(setrlimit),
 #endif
+    SCMP_SYS(shutdown),
 #ifdef __NR_sigaltstack
     SCMP_SYS(sigaltstack),
 #endif
@@ -2013,4 +2014,3 @@ sandbox_disable_getaddrinfo_cache(void)
 {
 }
 #endif
-