commit 9d06e8aa72d522f7a9c80efa3a0d8e36fbc2824a
parent d502b269d05beb0d575eea1d79d3ce4c5e71f4fd
Author: David Goulet <dgoulet@torproject.org>
Date: Mon, 1 Dec 2025 18:43:31 +0000
Merge branch 'KernelKraze/fix-sandbox-lstat-i386' into 'main'
sandbox: Allow fstatat64, statx and lstat64 syscalls on i386 for glibc 2.33+
See merge request tpo/core/tor!958
Diffstat:
2 files changed, 32 insertions(+), 0 deletions(-)
diff --git a/changes/bug_sandbox_lstat64 b/changes/bug_sandbox_lstat64
@@ -0,0 +1,9 @@
+ o Minor features (linux seccomp2 sandbox):
+ - Allow the fstatat64 and statx syscalls on i386 architecture when
+ glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat
+ for stat operations, and statx for time64 support. Without this,
+ SIGHUP configuration reload fails when using sandbox mode with
+ %include directives on i386 with Debian Bookworm or newer.
+ - Allow the lstat64 syscall on i386 architecture. This syscall is used
+ by glob() in glibc 2.36+ when processing %include directives with
+ directory patterns.
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
@@ -289,6 +289,10 @@ static int filter_nopar_gen[] = {
// getaddrinfo uses this..
SCMP_SYS(stat64),
#endif
+#ifdef __NR_lstat64
+ // glob uses this on i386 with glibc 2.36+
+ SCMP_SYS(lstat64),
+#endif
#ifdef __NR_getrandom
SCMP_SYS(getrandom),
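Review bot: The comment on the new `SCMP_SYS(lstat64)` entry says i386, but the guard is `#ifdef __NR_lstat64`, so the entry is compiled in on every architecture whose headers define that syscall number. Judging by the array name `filter_nopar_gen` and the neighbouring `stat64` entry, the syscall is allowed with no argument check, so a sandboxed process could lstat any path rather than only the configured ones. I would record that in the comment, for example `// glob() uses this on i386 with glibc 2.36+; allowed for any path, no argument filter`, or narrow the guard to `#if defined(__i386__) && defined(__NR_lstat64)` if only i386 is intended. The array's definition starts and ends outside the hunk.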
@@ -2022,6 +2026,25 @@ add_noparam_filter(scmp_filter_ctx ctx)
"received libseccomp error %d", rc);
return rc;
}
+#elif defined(__NR_fstatat64)
+ // On i386, glibc uses fstatat64 instead of newfstatat.
+ // This is needed for glob() and stat() operations on 32-bit systems.
+ rc = seccomp_rule_add_0(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fstatat64));
+ if (rc != 0) {
+ log_err(LD_BUG,"(Sandbox) failed to add fstatat64() syscall; "
+ "received libseccomp error %d", rc);
+ return rc;
+ }
+#endif
+#if defined(__i386__) && defined(__NR_statx)
+ // On i386 with glibc 2.33+, statx may be used for time64 support.
+ // glob() in glibc 2.36+ uses statx for directory traversal.
+ rc = seccomp_rule_add_0(ctx, SCMP_ACT_ALLOW, SCMP_SYS(statx));
+ if (rc != 0) {
+ log_err(LD_BUG,"(Sandbox) failed to add statx() syscall; "
+ "received libseccomp error %d", rc);
+ return rc;
+ }
#endif
}
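Review bot: The two new rules are gated differently: the `fstatat64` branch applies wherever `__NR_fstatat64` is defined and the preceding `#if` condition is false, while the `statx` rule additionally requires `__i386__`. If the i386 restriction is deliberate, the comment should say why; if not, other 32-bit targets would get `fstatat64` but still be denied `statx`, which presumably leaves the reload failure in place there. Both rules use `seccomp_rule_add_0`, so they carry no argument constraints and let the process query metadata for any path. A line such as `// No argument filter: any path can be stat-ed once this rule is in place.` above each rule would make that trade-off explicit. The opening `#if` of this chain and the start of `add_noparam_filter` are outside the hunk.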