tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit b9d81282e0dbfdae795b38c26879716d7860bcf9
parent 72376378714fef727004830157da79be97821a60
Author: Peter Gerber <pgerber@tocco.ch>
Date:   Sun,  5 Jan 2020 15:48:54 +0100

Fix sandbox crash during reload of logging configuration

Allow calls to dup() which was introduced in commit a22fbab986.

From a security perspective, I don't think this should impact the
security of the sandbox significantly. As far as I can tell, there
is nothing an adversary can do with a duplicated FD that can't be
done with the original.

Diffstat:

Achanges/bug32877 | 4++++


Msrc/lib/sandbox/sandbox.c | 1+


2 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/changes/bug32877 b/changes/bug32877
@@ -0,0 +1,4 @@
+o Minor bugfixes (linux seccomp sandbox):
+  - Fix crash when reloading logging configuration while the
+    experimental sandbox is enabled. Fixes bug 29150; bugfix
+    on 0.4.1.7. Patch by Peter Gerber.
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
@@ -143,6 +143,7 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(clock_gettime),
     SCMP_SYS(close),
     SCMP_SYS(clone),
+    SCMP_SYS(dup),
     SCMP_SYS(epoll_create),
     SCMP_SYS(epoll_wait),
 #ifdef __NR_epoll_pwait