[tor-commits] [doctor/master] Dynamically get package versions from the wiki
commit d7c1caadb5af4431ad8bafb54bbb1fb716b88a68 Author: Damian JohnsonDate: Sun Feb 11 19:15:45 2018 -0800 Dynamically get package versions from the wiki The biggest time sink for me in keeping this wiki up to date is bumping versions in this DocTor script. It's brittle, but this change instead has the script get the current versions from the wiki first, so all I need to do to update is fix the wiki. --- package_versions.py | 161 +++- 1 file changed, 121 insertions(+), 40 deletions(-) diff --git a/package_versions.py b/package_versions.py index 6c6e3f6..aa10bad 100755 --- a/package_versions.py +++ b/package_versions.py 
@@ -26,57 +26,58 @@ NETBSD_VERSION = 'CURRENT, Version: ([0-9\.]+),' COLUMN = '| %-10s | %-10s | %-10s | %-50s |' DIV = '+%s+%s+%s+%s+' % ('-' * 12, '-' * 12, '-' * 12, '-' * 52) +TRAC_URL = 'https://trac.torproject.org/projects/tor/wiki/doc/packages' -Package = collections.namedtuple('Package', ['platform', 'url', 'version', 'regex']) +Package = collections.namedtuple('Package', ['platform', 'url', 'regex']) PACKAGES = [ ('tor', [ -Package('mac', 'https://raw.githubusercontent.com/Homebrew/homebrew-core/master/Formula/tor.rb', '0.3.2.9', 'tor-([0-9\.]+).tar.gz'), -Package('debian', 'https://packages.debian.org/sid/tor', '0.3.2.9', DEBIAN_VERSION), -Package('fedora', 'https://apps.fedoraproject.org/packages/tor', '0.3.2.9', FEDORA_VERSION), -Package('gentoo', 'https://packages.gentoo.org/packages/net-vpn/tor', '0.3.2.9', None), -Package('archlinux', 'https://www.archlinux.org/packages/community/x86_64/tor/', '0.3.2.9', ARCH_LINUX_VERSION), -Package('slackware', 'https://slackbuilds.org/repository/14.2/network/tor/', '0.3.2.9', 'tor-([0-9\.]+).tar.gz'), -Package('freebsd', 'https://www.freshports.org/security/tor/', '0.3.2.9', FREEBSD_VERSION), -Package('openbsd', 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/tor/Makefile?rev=HEAD=text/x-cvsweb-markup', '0.3.2.9', OPENBSD_DIST_VERSION), -Package('netbsd', 'http://pkgsrc.se/net/tor', '0.3.2.9', NETBSD_VERSION), +Package('mac', 'https://raw.githubusercontent.com/Homebrew/homebrew-core/master/Formula/tor.rb', 'tor-([0-9\.]+).tar.gz'), +Package('debian', 'https://packages.debian.org/sid/tor', DEBIAN_VERSION), +Package('fedora', 'https://apps.fedoraproject.org/packages/tor', FEDORA_VERSION), +Package('gentoo', 'https://packages.gentoo.org/packages/net-vpn/tor', None), +Package('archlinux', 'https://www.archlinux.org/packages/community/x86_64/tor/', ARCH_LINUX_VERSION), +Package('slackware', 'https://slackbuilds.org/repository/14.2/network/tor/', 'tor-([0-9\.]+).tar.gz'), +Package('freebsd', 
'https://www.freshports.org/security/tor/', FREEBSD_VERSION), +Package('openbsd', 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/tor/Makefile?rev=HEAD=text/x-cvsweb-markup', OPENBSD_DIST_VERSION), +Package('netbsd', 'http://pkgsrc.se/net/tor', NETBSD_VERSION), ]), ('nyx', [ -Package('gentoo', 'https://packages.gentoo.org/packages/net-misc/nyx', '2.0.4', None), -Package('archlinux', 'https://aur.archlinux.org/packages/nyx/', '2.0.4', AUR_VERSION), -Package('slackware', 'https://slackbuilds.org/repository/14.2/python/nyx/', '2.0.4', 'nyx-([0-9\.]+).tar.gz'), -Package('freebsd', 'https://www.freshports.org/security/nyx/', '2.0.4', FREEBSD_VERSION), -Package('openbsd', 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/nyx/Makefile?rev=HEAD=text/x-cvsweb-markup', '2.0.4', OPENBSD_EGG_VERSION), +Package('gentoo', 'https://packages.gentoo.org/packages/net-misc/nyx', None), +Package('archlinux', 'https://aur.archlinux.org/packages/nyx/', AUR_VERSION), +Package('slackware', 'https://slackbuilds.org/repository/14.2/python/nyx/', 'nyx-([0-9\.]+).tar.gz'), +Package('freebsd', 'https://www.freshports.org/security/nyx/', FREEBSD_VERSION), +Package('openbsd', 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/nyx/Makefile?rev=HEAD=text/x-cvsweb-markup', OPENBSD_EGG_VERSION), ]), ('stem', [ -Package('debian', 'https://packages.debian.org/sid/python-stem', '1.6.0', DEBIAN_VERSION), -Package('fedora', 'https://apps.fedoraproject.org/packages/python-stem', '1.6.0', FEDORA_VERSION), -Package('gentoo', 'https://packages.gentoo.org/packages/net-libs/stem', '1.6.0', None), -Package('archlinux', 'https://aur.archlinux.org/packages/stem/', '1.6.0', AUR_VERSION), -Package('slackware', 'https://slackbuilds.org/repository/14.2/python/stem/', '1.6.0', 'stem-([0-9\.]+).tar.gz'), -Package('freebsd', 'https://www.freshports.org/security/py-stem/', '1.6.0', FREEBSD_VERSION), -Package('openbsd', 
'https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/py-stem/Makefile?rev=HEAD=text/x-cvsweb-markup', '1.6.0', OPENBSD_EGG_VERSION), +Package('debian',
[tor-commits] [doctor/master] Track txtorcon's archlinux version
commit 33df762f055c718d3604061bc30986b2731ae76c Author: Damian JohnsonDate: Sun Feb 11 19:22:32 2018 -0800 Track txtorcon's archlinux version --- package_versions.py | 1 + 1 file changed, 1 insertion(+) diff --git a/package_versions.py b/package_versions.py index aa10bad..03282fb 100755 --- a/package_versions.py +++ b/package_versions.py @@ -61,6 +61,7 @@ PACKAGES = [ ('txtorcon', [ Package('debian', 'https://packages.debian.org/sid/python-txtorcon', DEBIAN_VERSION), Package('gentoo', 'https://packages.gentoo.org/packages/dev-python/txtorcon', None), +Package('archlinux', 'https://aur.archlinux.org/packages/python-txtorcon/', AUR_VERSION), Package('slackware', 'https://slackbuilds.org/repository/14.2/python/txtorcon/', 'txtorcon-([0-9\.]+).tar.gz'), Package('freebsd', 'https://www.freshports.org/security/py-txtorcon/', FREEBSD_VERSION), ]), ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [doctor/master] Move curling to a helper
commit 22080b3f4b08f05c2c6e2fa841c259620ed66d72 Author: Damian JohnsonDate: Sun Feb 11 18:23:35 2018 -0800 Move curling to a helper No reason to bundle retries and such in the main function. --- package_versions.py | 36 +--- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/package_versions.py b/package_versions.py index 9d56659..6c6e3f6 100755 --- a/package_versions.py +++ b/package_versions.py @@ -83,6 +83,17 @@ PACKAGES = [ log = util.get_logger('package_versions') +def fetch_url(url): + for i in range(3): +try: + return urllib2.urlopen(url, timeout = 5).read() +except Exception as exc: + if i < 2: +time.sleep(2 ** i) + else: +raise IOError(str(exc)) + + def gentoo_version(request): # Unlike other platforms gentoo lists all package versions, so we # need to figure out what's the latest. @@ -113,19 +124,9 @@ def email_content(): lines.append(DIV) for package in packages: - request, request_exc = None, None - - for i in range(3): -try: - request = urllib2.urlopen(package.url, timeout = 5).read() - break -except Exception as exc: - request_exc = exc # note exception and retry + try: +request = fetch_url(package.url) - if i != 2: -time.sleep(2 ** i) - - if request: if package.platform == 'gentoo': current_version = gentoo_version(request) else: @@ -140,9 +141,14 @@ def email_content(): else: msg = 'current version is %s but wiki has %s' % (current_version, package.version) has_issue = True - else: -msg = 'unable to retrieve current version: %s' % request_exc -has_issue = True + except IOError as exc: +msg = 'unable to retrieve current version: %s' % exc + +# Gentoo's site fails pretty routinely. No need to generate notices for +# it. + +if package.platform == 'gentoo': + has_issue = True lines.append(COLUMN % (project, package.platform, package.version, msg)) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
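Review bot: `fetch_url` reads the whole response with an unbounded `.read()` and never closes it, and its `except Exception` turns any error, including a programming mistake inside the `try`, into the same `IOError` that `email_content` reports as a fetch failure. The body is only matched against version patterns afterwards, so a bounded read such as `.read(MAX_RESPONSE_BYTES)` (placeholder constant, to be defined with the other module constants) caps what a slow or misbehaving mirror can make the script buffer. Narrowing the handler to the network errors that urllib2 raises would keep real bugs visible. A short docstring would also help: `"""Fetch url with up to three attempts and exponential backoff, raising IOError if all fail."""`.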
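Review bot: The condition in the new `except IOError` branch looks inverted: the comment says Gentoo failures need no notice, but `if package.platform == 'gentoo':` sets `has_issue = True` only for Gentoo and leaves every other platform's fetch failure unflagged. Before this change any failed fetch set `has_issue`, so a mirror that is down or blocked would now go unreported for all non-Gentoo platforms. The check should read `if package.platform != 'gentoo':`. `email_content` starts and ends outside the hunk, so how `has_issue` is consumed is not visible here.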
[tor-commits] [translation/tails-openpgp-applet_completed] Update translations for tails-openpgp-applet_completed
commit e4afc4d140c18a19b5c82361b219134c16d77889 Author: Translation commit botDate: Mon Feb 12 02:19:45 2018 + Update translations for tails-openpgp-applet_completed --- de/openpgp-applet.pot | 2 +- es/openpgp-applet.pot | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/de/openpgp-applet.pot b/de/openpgp-applet.pot index 0908afd25..1db83ef29 100644 --- a/de/openpgp-applet.pot +++ b/de/openpgp-applet.pot @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: ta...@boum.org\n" "POT-Creation-Date: 2017-08-05 15:07-0400\n" -"PO-Revision-Date: 2017-09-22 17:51+\n" +"PO-Revision-Date: 2018-02-12 01:57+\n" "Last-Translator: spriver \n" "Language-Team: German (http://www.transifex.com/otf/torproject/language/de/)\n" "MIME-Version: 1.0\n" diff --git a/es/openpgp-applet.pot b/es/openpgp-applet.pot index ff72d81ab..d48ce11b8 100644 --- a/es/openpgp-applet.pot +++ b/es/openpgp-applet.pot @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: ta...@boum.org\n" "POT-Creation-Date: 2017-08-05 15:07-0400\n" -"PO-Revision-Date: 2018-01-31 23:29+\n" +"PO-Revision-Date: 2018-02-12 02:02+\n" "Last-Translator: Emma Peel\n" "Language-Team: Spanish (http://www.transifex.com/otf/torproject/language/es/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-openpgp-applet] Update translations for tails-openpgp-applet
commit a9e604acf36bcae475b6cf0c6c9de37a2c1a19f3 Author: Translation commit botDate: Mon Feb 12 02:19:38 2018 + Update translations for tails-openpgp-applet --- de/openpgp-applet.pot | 2 +- es/openpgp-applet.pot | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/de/openpgp-applet.pot b/de/openpgp-applet.pot index 0908afd25..1db83ef29 100644 --- a/de/openpgp-applet.pot +++ b/de/openpgp-applet.pot @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: ta...@boum.org\n" "POT-Creation-Date: 2017-08-05 15:07-0400\n" -"PO-Revision-Date: 2017-09-22 17:51+\n" +"PO-Revision-Date: 2018-02-12 01:57+\n" "Last-Translator: spriver \n" "Language-Team: German (http://www.transifex.com/otf/torproject/language/de/)\n" "MIME-Version: 1.0\n" diff --git a/es/openpgp-applet.pot b/es/openpgp-applet.pot index ff72d81ab..d48ce11b8 100644 --- a/es/openpgp-applet.pot +++ b/es/openpgp-applet.pot @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: ta...@boum.org\n" "POT-Creation-Date: 2017-08-05 15:07-0400\n" -"PO-Revision-Date: 2018-01-31 23:29+\n" +"PO-Revision-Date: 2018-02-12 02:02+\n" "Last-Translator: Emma Peel\n" "Language-Team: Spanish (http://www.transifex.com/otf/torproject/language/es/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9
commit 84c13336c410ac218c70d6ce2ce6216f9b24e796 Merge: 848ba26c1 7461cd306 Author: Nick MathewsonDate: Sun Feb 11 18:10:59 2018 -0500 Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.2' into release-0.3.2
commit 1a877693da774acea626acb4349a80010b058563 Merge: 2a24ce965 98fc8cd93 Author: Nick MathewsonDate: Sun Feb 11 18:11:04 2018 -0500 Merge branch 'maint-0.3.2' into release-0.3.2 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.1' into maint-0.3.2
commit 98fc8cd937a61becb96c848d7719012a9ce959ef Merge: 67043d957 b2c4d4e7f Author: Nick MathewsonDate: Sun Feb 11 18:11:04 2018 -0500 Merge branch 'maint-0.3.1' into maint-0.3.2 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.2.9' into maint-0.3.1
commit b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d Merge: 8939eaf47 84c13336c Author: Nick MathewsonDate: Sun Feb 11 18:11:04 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9
commit 84c13336c410ac218c70d6ce2ce6216f9b24e796 Merge: 848ba26c1 7461cd306 Author: Nick MathewsonDate: Sun Feb 11 18:10:59 2018 -0500 Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Permit kill(pid, 0) in the seccomp2 sandbox.
commit 7461cd30676da62324271ddd7b7d347eeff40266 Author: Nick MathewsonDate: Thu Nov 16 12:44:47 2017 -0500 Permit kill(pid, 0) in the seccomp2 sandbox. We don't want to allow general signals to be sent, but there's no problem sending a kill(0) to probe whether a process is there. Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox was introduced. --- changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/changes/bug24198 b/changes/bug24198 new file mode 100644 index 0..679070687 --- /dev/null +++ b/changes/bug24198 @@ -0,0 +1,4 @@ + o Minor bugfixes (controller, linux seccomp2 sandbox): +- Avoid a crash when attempting to use the seccomp2 sandbox + together with the OwningControllerProcess feature. + Fixes bug 24198; bugfix on 0.2.5.1-alpha. diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 7f4511db2..0b862a549 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -1050,6 +1050,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +static int +sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + (void) filter; +#ifdef __NR_kill + /* Allow killing anything with signal 0 -- it isn't really a kill. */ + return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill), + SCMP_CMP(1, SCMP_CMP_EQ, 0)); +#else + return 0; +#endif +} + /** * Array of function pointers responsible for filtering different syscalls at * a parameter level. @@ -1088,7 +1101,8 @@ static sandbox_filter_func_t filter_func[] = { sb_socket, sb_setsockopt, sb_getsockopt, -sb_socketpair +sb_socketpair, +sb_kill }; const char * ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
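Review bot: The rule added in `sb_kill` constrains only argument 1 (the signal) and leaves the pid in argument 0 unconstrained, so the sandboxed process may probe any pid or process group; the commit message suggests that is intended, but the comment in the function does not say so. I would spell it out, e.g. `/* Allow kill(pid, 0) for any pid: signal 0 delivers nothing and only performs the existence and permission checks. */`. It may also be worth noting there that seccomp compares the full 64-bit argument while the signal is an `int`; for the value 0 a mismatch would only make the rule fail closed. The same hunk appears unchanged in the other branch notifications of this commit further down the page.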
[tor-commits] [tor/maint-0.2.9] Permit kill(pid, 0) in the seccomp2 sandbox.
commit 7461cd30676da62324271ddd7b7d347eeff40266 Author: Nick MathewsonDate: Thu Nov 16 12:44:47 2017 -0500 Permit kill(pid, 0) in the seccomp2 sandbox. We don't want to allow general signals to be sent, but there's no problem sending a kill(0) to probe whether a process is there. Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox was introduced. --- changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/changes/bug24198 b/changes/bug24198 new file mode 100644 index 0..679070687 --- /dev/null +++ b/changes/bug24198 @@ -0,0 +1,4 @@ + o Minor bugfixes (controller, linux seccomp2 sandbox): +- Avoid a crash when attempting to use the seccomp2 sandbox + together with the OwningControllerProcess feature. + Fixes bug 24198; bugfix on 0.2.5.1-alpha. diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 7f4511db2..0b862a549 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -1050,6 +1050,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +static int +sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + (void) filter; +#ifdef __NR_kill + /* Allow killing anything with signal 0 -- it isn't really a kill. */ + return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill), + SCMP_CMP(1, SCMP_CMP_EQ, 0)); +#else + return 0; +#endif +} + /** * Array of function pointers responsible for filtering different syscalls at * a parameter level. @@ -1088,7 +1101,8 @@ static sandbox_filter_func_t filter_func[] = { sb_socket, sb_setsockopt, sb_getsockopt, -sb_socketpair +sb_socketpair, +sb_kill }; const char * ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.2] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9
commit 84c13336c410ac218c70d6ce2ce6216f9b24e796 Merge: 848ba26c1 7461cd306 Author: Nick MathewsonDate: Sun Feb 11 18:10:59 2018 -0500 Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1
commit b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d Merge: 8939eaf47 84c13336c Author: Nick MathewsonDate: Sun Feb 11 18:11:04 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Merge branch 'maint-0.3.1' into release-0.3.1
commit 97c988c4315f9ff4b4e892194bda3d640a368f7e Merge: c93f69af5 b2c4d4e7f Author: Nick MathewsonDate: Sun Feb 11 18:11:04 2018 -0500 Merge branch 'maint-0.3.1' into release-0.3.1 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.2] Merge branch 'maint-0.3.1' into maint-0.3.2
commit 98fc8cd937a61becb96c848d7719012a9ce959ef Merge: 67043d957 b2c4d4e7f Author: Nick MathewsonDate: Sun Feb 11 18:11:04 2018 -0500 Merge branch 'maint-0.3.1' into maint-0.3.2 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Permit kill(pid, 0) in the seccomp2 sandbox.
commit 7461cd30676da62324271ddd7b7d347eeff40266 Author: Nick MathewsonDate: Thu Nov 16 12:44:47 2017 -0500 Permit kill(pid, 0) in the seccomp2 sandbox. We don't want to allow general signals to be sent, but there's no problem sending a kill(0) to probe whether a process is there. Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox was introduced. --- changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/changes/bug24198 b/changes/bug24198 new file mode 100644 index 0..679070687 --- /dev/null +++ b/changes/bug24198 @@ -0,0 +1,4 @@ + o Minor bugfixes (controller, linux seccomp2 sandbox): +- Avoid a crash when attempting to use the seccomp2 sandbox + together with the OwningControllerProcess feature. + Fixes bug 24198; bugfix on 0.2.5.1-alpha. diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 7f4511db2..0b862a549 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -1050,6 +1050,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +static int +sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + (void) filter; +#ifdef __NR_kill + /* Allow killing anything with signal 0 -- it isn't really a kill. */ + return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill), + SCMP_CMP(1, SCMP_CMP_EQ, 0)); +#else + return 0; +#endif +} + /** * Array of function pointers responsible for filtering different syscalls at * a parameter level. @@ -1088,7 +1101,8 @@ static sandbox_filter_func_t filter_func[] = { sb_socket, sb_setsockopt, sb_getsockopt, -sb_socketpair +sb_socketpair, +sb_kill }; const char * ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9
commit cb42f93a923ddf7455d7553e63abcf320bd2a00b Merge: 27c30bc22 84c13336c Author: Nick MathewsonDate: Sun Feb 11 18:11:04 2018 -0500 Merge branch 'maint-0.2.9' into release-0.2.9 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1
commit b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d Merge: 8939eaf47 84c13336c Author: Nick MathewsonDate: Sun Feb 11 18:11:04 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.1' into maint-0.3.2
commit 98fc8cd937a61becb96c848d7719012a9ce959ef Merge: 67043d957 b2c4d4e7f Author: Nick MathewsonDate: Sun Feb 11 18:11:04 2018 -0500 Merge branch 'maint-0.3.1' into maint-0.3.2 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9
commit 84c13336c410ac218c70d6ce2ce6216f9b24e796 Merge: 848ba26c1 7461cd306 Author: Nick MathewsonDate: Sun Feb 11 18:10:59 2018 -0500 Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.1] Permit kill(pid, 0) in the seccomp2 sandbox.
commit 7461cd30676da62324271ddd7b7d347eeff40266 Author: Nick MathewsonDate: Thu Nov 16 12:44:47 2017 -0500 Permit kill(pid, 0) in the seccomp2 sandbox. We don't want to allow general signals to be sent, but there's no problem sending a kill(0) to probe whether a process is there. Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox was introduced. --- changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/changes/bug24198 b/changes/bug24198 new file mode 100644 index 0..679070687 --- /dev/null +++ b/changes/bug24198 @@ -0,0 +1,4 @@ + o Minor bugfixes (controller, linux seccomp2 sandbox): +- Avoid a crash when attempting to use the seccomp2 sandbox + together with the OwningControllerProcess feature. + Fixes bug 24198; bugfix on 0.2.5.1-alpha. diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 7f4511db2..0b862a549 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -1050,6 +1050,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +static int +sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + (void) filter; +#ifdef __NR_kill + /* Allow killing anything with signal 0 -- it isn't really a kill. */ + return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill), + SCMP_CMP(1, SCMP_CMP_EQ, 0)); +#else + return 0; +#endif +} + /** * Array of function pointers responsible for filtering different syscalls at * a parameter level. @@ -1088,7 +1101,8 @@ static sandbox_filter_func_t filter_func[] = { sb_socket, sb_setsockopt, sb_getsockopt, -sb_socketpair +sb_socketpair, +sb_kill }; const char * ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.1] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9
commit 84c13336c410ac218c70d6ce2ce6216f9b24e796 Merge: 848ba26c1 7461cd306 Author: Nick MathewsonDate: Sun Feb 11 18:10:59 2018 -0500 Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.2] Merge branch 'maint-0.2.9' into maint-0.3.1
commit b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d Merge: 8939eaf47 84c13336c Author: Nick MathewsonDate: Sun Feb 11 18:11:04 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.2.9' into maint-0.3.1
commit b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d Merge: 8939eaf47 84c13336c Author: Nick MathewsonDate: Sun Feb 11 18:11:04 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.2'
commit 019bb55181c8649cf45b7fcfff9a3e1bd06c4ab9 Merge: a7f5ece2b 98fc8cd93 Author: Nick MathewsonDate: Sun Feb 11 18:11:04 2018 -0500 Merge branch 'maint-0.3.2' ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9
commit 84c13336c410ac218c70d6ce2ce6216f9b24e796 Merge: 848ba26c1 7461cd306 Author: Nick MathewsonDate: Sun Feb 11 18:10:59 2018 -0500 Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.9] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9
commit 84c13336c410ac218c70d6ce2ce6216f9b24e796 Merge: 848ba26c1 7461cd306 Author: Nick MathewsonDate: Sun Feb 11 18:10:59 2018 -0500 Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9 changes/bug24198 | 4 src/common/sandbox.c | 16 +++- 2 files changed, 19 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge branch 'ticket24315_029' into maint-0.2.9
commit 848ba26c188c43cb97a22d5911fceb3714a97272 Merge: 5dc785cee 80bf27040 Author: Nick MathewsonDate: Sun Feb 11 18:07:37 2018 -0500 Merge branch 'ticket24315_029' into maint-0.2.9 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.1' into maint-0.3.2
commit 67043d957f2f3cc107c5e0cb3f5c2caa35639506 Merge: 684d57fe8 8939eaf47 Author: Nick MathewsonDate: Sun Feb 11 18:09:35 2018 -0500 Merge branch 'maint-0.3.1' into maint-0.3.2 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1
commit 8939eaf479bc123e774421c9de6dfc3c864e0326 Merge: eccef6ba6 848ba26c1 Author: Nick MathewsonDate: Sun Feb 11 18:09:35 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Merge branch 'maint-0.3.1' into release-0.3.1
commit c93f69af582141f846a0f7c5dfd30c293c901c58 Merge: cf55f0516 8939eaf47 Author: Nick MathewsonDate: Sun Feb 11 18:09:35 2018 -0500 Merge branch 'maint-0.3.1' into release-0.3.1 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Merge branch 'ticket24315_029' into maint-0.2.9
commit 848ba26c188c43cb97a22d5911fceb3714a97272 Merge: 5dc785cee 80bf27040 Author: Nick MathewsonDate: Sun Feb 11 18:07:37 2018 -0500 Merge branch 'ticket24315_029' into maint-0.2.9 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.2' into release-0.3.2
commit 2a24ce9656cc36283b615b0da9e64c16adf36374 Merge: 9e81221c9 67043d957 Author: Nick MathewsonDate: Sun Feb 11 18:09:35 2018 -0500 Merge branch 'maint-0.3.2' into release-0.3.2 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Add a changes file.
commit 80bf270404a52c634a14f6aad594dec4e9ce1e12 Author: Nick MathewsonDate: Thu Nov 16 14:07:58 2017 -0500 Add a changes file. --- changes/ticket24315 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/changes/ticket24315 b/changes/ticket24315 new file mode 100644 index 0..df34dbf41 --- /dev/null +++ b/changes/ticket24315 @@ -0,0 +1,3 @@ + o Major features (linux seccomp2 sandbox): +- Update the sandbox rules so that they should now work correctly with + Glibc 2.26. Closes ticket 24315. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.2.9' into maint-0.3.1
commit 8939eaf479bc123e774421c9de6dfc3c864e0326 Merge: eccef6ba6 848ba26c1 Author: Nick MathewsonDate: Sun Feb 11 18:09:35 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Check the libc version to decide whether to allow openat.
commit 2d3904aba67e79e57db1814033b1df3f77336065 Author: Nick MathewsonDate: Thu Nov 16 14:06:38 2017 -0500 Check the libc version to decide whether to allow openat. --- configure.ac | 2 ++ src/common/sandbox.c | 38 +- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index f2c3f90ba..3ff819052 100644 --- a/configure.ac +++ b/configure.ac @@ -390,6 +390,7 @@ AC_CHECK_FUNCS( getrlimit \ gettimeofday \ gmtime_r \ + gnu_get_libc_version \ htonll \ inet_aton \ ioctl \ @@ -1011,6 +1012,7 @@ AC_CHECK_HEADERS([assert.h \ arpa/inet.h \ crt_externs.h \ execinfo.h \ + gnu/libc-version.h \ grp.h \ ifaddrs.h \ inttypes.h \ diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 417c1e305..d0ead2cae 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -56,6 +56,9 @@ #include #include +#ifdef HAVE_GNU_LIBC_VERSION_H +#include +#endif #ifdef HAVE_LINUX_NETFILTER_IPV4_H #include #endif @@ -424,6 +427,37 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +#ifdef HAVE_GNU_LIBC_VERSION_H +#ifdef HAVE_GNU_GET_LIBC_VERSION +#define CHECK_LIBC_VERSION +#endif +#endif + +/* Return true if we think we're running with a libc that always uses + * openat on linux. */ +static int +libc_uses_openat_for_everything(void) +{ +#ifdef CHECK_LIBC_VERSION + const char *version = gnu_get_libc_version(); + if (version == NULL) +return 0; + + int major = -1; + int minor = -1; + + tor_sscanf(version, "%d.%d", , ); + if (major >= 3) +return 1; + else if (major == 2 && minor >= 26) +return 1; + else +return 0; +#else + return 0; +#endif +} + /** Allow a single file to be opened. If use_openat is true, * we're using a libc that remaps all the opens into openats. */ static int 
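Review bot: `libc_uses_openat_for_everything` ignores the result of `tor_sscanf` and relies on the `-1` initialisers to make an unparsable version string fall through to `return 0`; checking the count makes that explicit, e.g. `if (tor_sscanf(version, "%d.%d", &major, &minor) != 2) return 0;`. (The archived text shows the call's last two arguments as empty, which looks like an extraction artifact rather than the committed code.) Returning 0 selects the `open` rule, so on a libc that really does use `openat` the failure mode is a blocked open rather than a wider filter, which is worth stating in the function comment. That comment also uses `/* */` while the neighbouring `allow_file_open` uses the `/** */` doc style.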
@@ -449,13 +483,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) int rc; sandbox_cfg_t *elem = NULL; + int use_openat = libc_uses_openat_for_everything(); + // for each dynamic parameter filters for (elem = filter; elem != NULL; elem = elem->next) { smp_param_t *param = elem->param; if (param != NULL && param->prot == 1 && param->syscall == SCMP_SYS(open)) { - rc = allow_file_open(ctx, 0 /* */, param->value); + rc = allow_file_open(ctx, use_openat, param->value); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received " "libseccomp error %d", rc); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
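Review bot: The `log_err()` in the `sb_open()` loop still reports "failed to add open syscall" although `allow_file_open()` now adds an `openat` rule whenever `use_openat` is true, so a libseccomp failure on a newer glibc would be logged against the wrong syscall. Name the syscall that was attempted: `log_err(LD_BUG,"(Sandbox) failed to add %s syscall, received libseccomp error %d", use_openat ? "openat" : "open", rc);`. The body of `sb_open()` starts before this hunk and continues after it. The same hunk recurs in the later copies of this commit on this page.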
[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9
commit 27c30bc227b06bb43e170c454f8987f3a45b67cb Merge: da194bb49 848ba26c1 Author: Nick MathewsonDate: Sun Feb 11 18:09:35 2018 -0500 Merge branch 'maint-0.2.9' into release-0.2.9 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.9] Make our seccomp2 sandbox handle Glibc 2.26
commit d2d6a1b082fa0eac8b6478889a0c28bf05e48073 Author: Nick MathewsonDate: Thu Nov 16 13:53:48 2017 -0500 Make our seccomp2 sandbox handle Glibc 2.26 There are three changes here: * We need to allow epoll_pwait. * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC. * We need to use openat() instead of open(). Note that this fix is not complete, since the openat() change is turned off. The next commit will make the openat() change happen when we're running glibc 2.26 or later. Fix for 24315. --- src/common/sandbox.c | 35 +++ 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 7f4511db2..417c1e305 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -127,6 +127,9 @@ static int filter_nopar_gen[] = { SCMP_SYS(clone), SCMP_SYS(epoll_create), SCMP_SYS(epoll_wait), +#ifdef __NR_epoll_pwait +SCMP_SYS(epoll_pwait), +#endif #ifdef HAVE_EVENTFD SCMP_SYS(eventfd2), #endif @@ -421,6 +424,21 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +/** Allow a single file to be opened. If use_openat is true, + * we're using a libc that remaps all the opens into openats. */ +static int +allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file) +{ + if (use_openat) { +return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), + SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD), + SCMP_CMP_STR(1, SCMP_CMP_EQ, file)); + } else { +return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), + SCMP_CMP_STR(0, SCMP_CMP_EQ, file)); + } +} + /** * Function responsible for setting up the open syscall for * the seccomp filter sandbox. 
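Review bot: In `allow_file_open()` the `openat` rule compares argument 0 against `AT_FDCWD` with `SCMP_CMP_STR`, the macro the `open` branch uses for a path pointer, although `AT_FDCWD` is a negative integer descriptor constant. The macro's definition is outside this hunk, so how the value is widened to the 64-bit datum that seccomp compares cannot be checked here; it is worth confirming on a 64-bit build that the rule matches what libc passes. I would write it as `SCMP_CMP(0, SCMP_CMP_EQ, AT_FDCWD)` and add a comment such as `/* only allow openat() relative to the current directory */`. The same hunk appears again in the maint-0.3.1, release-0.3.1 and release-0.2.9 copies of this commit below.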
@@ -437,8 +455,7 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) if (param != NULL && param->prot == 1 && param->syscall == SCMP_SYS(open)) { - rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), -SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value)); + rc = allow_file_open(ctx, 0 /* */, param->value); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received " "libseccomp error %d", rc); @@ -456,6 +473,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return rc; } + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat), +SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, +O_RDONLY)); + if (rc != 0) { +log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received " +"libseccomp error %d", rc); +return rc; + } + return 0; } @@ -645,7 +671,7 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter) rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK), - SCMP_CMP(1, SCMP_CMP_EQ, SOCK_RAW), + SCMP_CMP_MASKED(1, SOCK_CLOEXEC, SOCK_RAW), SCMP_CMP(2, SCMP_CMP_EQ, 0)); if (rc) return rc; @@ -1616,7 +1642,8 @@ add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg) // function pointer for (i = 0; i < ARRAY_LENGTH(filter_func); i++) { -if ((filter_func[i])(ctx, cfg)) { +rc = filter_func[i](ctx, cfg); +if (rc) { log_err(LD_BUG,"(Sandbox) failed to add syscall %d, received libseccomp " "error %d", i, rc); return rc; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
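Review bot: The new `SCMP_ACT_ERRNO(EACCES)` rule for `openat` at the end of `sb_open()` has no comment saying why read-only `openat` calls are answered with an error rather than left to the filter's default action. With `use_openat` passed as `0` in this commit, no path is allowed through `openat` at all, which the commit message acknowledges; a comment such as `/* Read-only openat() of anything not allowed above fails with EACCES. */` would make the intended policy visible to whoever edits the rule list next. The flag mask relies on `SCMP_CMP_MASKED`, whose definition is outside the hunk. The same hunk is repeated in the later copies of this commit on this page.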
[tor-commits] [tor/master] Merge branch 'maint-0.3.1' into maint-0.3.2
commit 67043d957f2f3cc107c5e0cb3f5c2caa35639506 Merge: 684d57fe8 8939eaf47 Author: Nick MathewsonDate: Sun Feb 11 18:09:35 2018 -0500 Merge branch 'maint-0.3.1' into maint-0.3.2 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Merge branch 'ticket24315_029' into maint-0.2.9
commit 848ba26c188c43cb97a22d5911fceb3714a97272 Merge: 5dc785cee 80bf27040 Author: Nick MathewsonDate: Sun Feb 11 18:07:37 2018 -0500 Merge branch 'ticket24315_029' into maint-0.2.9 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.2] Merge branch 'ticket24315_029' into maint-0.2.9
commit 848ba26c188c43cb97a22d5911fceb3714a97272 Merge: 5dc785cee 80bf27040 Author: Nick MathewsonDate: Sun Feb 11 18:07:37 2018 -0500 Merge branch 'ticket24315_029' into maint-0.2.9 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.9] Merge branch 'ticket24315_029' into maint-0.2.9
commit 848ba26c188c43cb97a22d5911fceb3714a97272 Merge: 5dc785cee 80bf27040 Author: Nick MathewsonDate: Sun Feb 11 18:07:37 2018 -0500 Merge branch 'ticket24315_029' into maint-0.2.9 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1
commit 8939eaf479bc123e774421c9de6dfc3c864e0326 Merge: eccef6ba6 848ba26c1 Author: Nick MathewsonDate: Sun Feb 11 18:09:35 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Add a changes file.
commit 80bf270404a52c634a14f6aad594dec4e9ce1e12 Author: Nick MathewsonDate: Thu Nov 16 14:07:58 2017 -0500 Add a changes file. --- changes/ticket24315 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/changes/ticket24315 b/changes/ticket24315 new file mode 100644 index 0..df34dbf41 --- /dev/null +++ b/changes/ticket24315 @@ -0,0 +1,3 @@ + o Major features (linux seccomp2 sandbox): +- Update the sandbox rules so that they should now work correctly with + Glibc 2.26. Closes ticket 24315. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.1] Make our seccomp2 sandbox handle Glibc 2.26
commit d2d6a1b082fa0eac8b6478889a0c28bf05e48073 Author: Nick MathewsonDate: Thu Nov 16 13:53:48 2017 -0500 Make our seccomp2 sandbox handle Glibc 2.26 There are three changes here: * We need to allow epoll_pwait. * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC. * We need to use openat() instead of open(). Note that this fix is not complete, since the openat() change is turned off. The next commit will make the openat() change happen when we're running glibc 2.26 or later. Fix for 24315. --- src/common/sandbox.c | 35 +++ 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 7f4511db2..417c1e305 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -127,6 +127,9 @@ static int filter_nopar_gen[] = { SCMP_SYS(clone), SCMP_SYS(epoll_create), SCMP_SYS(epoll_wait), +#ifdef __NR_epoll_pwait +SCMP_SYS(epoll_pwait), +#endif #ifdef HAVE_EVENTFD SCMP_SYS(eventfd2), #endif @@ -421,6 +424,21 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +/** Allow a single file to be opened. If use_openat is true, + * we're using a libc that remaps all the opens into openats. */ +static int +allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file) +{ + if (use_openat) { +return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), + SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD), + SCMP_CMP_STR(1, SCMP_CMP_EQ, file)); + } else { +return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), + SCMP_CMP_STR(0, SCMP_CMP_EQ, file)); + } +} + /** * Function responsible for setting up the open syscall for * the seccomp filter sandbox. 
@@ -437,8 +455,7 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) if (param != NULL && param->prot == 1 && param->syscall == SCMP_SYS(open)) { - rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), -SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value)); + rc = allow_file_open(ctx, 0 /* */, param->value); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received " "libseccomp error %d", rc); @@ -456,6 +473,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return rc; } + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat), +SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, +O_RDONLY)); + if (rc != 0) { +log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received " +"libseccomp error %d", rc); +return rc; + } + return 0; } @@ -645,7 +671,7 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter) rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK), - SCMP_CMP(1, SCMP_CMP_EQ, SOCK_RAW), + SCMP_CMP_MASKED(1, SOCK_CLOEXEC, SOCK_RAW), SCMP_CMP(2, SCMP_CMP_EQ, 0)); if (rc) return rc; @@ -1616,7 +1642,8 @@ add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg) // function pointer for (i = 0; i < ARRAY_LENGTH(filter_func); i++) { -if ((filter_func[i])(ctx, cfg)) { +rc = filter_func[i](ctx, cfg); +if (rc) { log_err(LD_BUG,"(Sandbox) failed to add syscall %d, received libseccomp " "error %d", i, rc); return rc; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.2'
commit a7f5ece2b9e64447c25e1c52bba48a1187c03fd0 Merge: bdc29eaa7 67043d957 Author: Nick MathewsonDate: Sun Feb 11 18:09:35 2018 -0500 Merge branch 'maint-0.3.2' ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'ticket24315_029' into maint-0.2.9
commit 848ba26c188c43cb97a22d5911fceb3714a97272 Merge: 5dc785cee 80bf27040 Author: Nick MathewsonDate: Sun Feb 11 18:07:37 2018 -0500 Merge branch 'ticket24315_029' into maint-0.2.9 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.1] Merge branch 'ticket24315_029' into maint-0.2.9
commit 848ba26c188c43cb97a22d5911fceb3714a97272 Merge: 5dc785cee 80bf27040 Author: Nick MathewsonDate: Sun Feb 11 18:07:37 2018 -0500 Merge branch 'ticket24315_029' into maint-0.2.9 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Make our seccomp2 sandbox handle Glibc 2.26
commit d2d6a1b082fa0eac8b6478889a0c28bf05e48073 Author: Nick MathewsonDate: Thu Nov 16 13:53:48 2017 -0500 Make our seccomp2 sandbox handle Glibc 2.26 There are three changes here: * We need to allow epoll_pwait. * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC. * We need to use openat() instead of open(). Note that this fix is not complete, since the openat() change is turned off. The next commit will make the openat() change happen when we're running glibc 2.26 or later. Fix for 24315. --- src/common/sandbox.c | 35 +++ 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 7f4511db2..417c1e305 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -127,6 +127,9 @@ static int filter_nopar_gen[] = { SCMP_SYS(clone), SCMP_SYS(epoll_create), SCMP_SYS(epoll_wait), +#ifdef __NR_epoll_pwait +SCMP_SYS(epoll_pwait), +#endif #ifdef HAVE_EVENTFD SCMP_SYS(eventfd2), #endif @@ -421,6 +424,21 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +/** Allow a single file to be opened. If use_openat is true, + * we're using a libc that remaps all the opens into openats. */ +static int +allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file) +{ + if (use_openat) { +return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), + SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD), + SCMP_CMP_STR(1, SCMP_CMP_EQ, file)); + } else { +return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), + SCMP_CMP_STR(0, SCMP_CMP_EQ, file)); + } +} + /** * Function responsible for setting up the open syscall for * the seccomp filter sandbox. 
@@ -437,8 +455,7 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) if (param != NULL && param->prot == 1 && param->syscall == SCMP_SYS(open)) { - rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), -SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value)); + rc = allow_file_open(ctx, 0 /* */, param->value); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received " "libseccomp error %d", rc); @@ -456,6 +473,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return rc; } + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat), +SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, +O_RDONLY)); + if (rc != 0) { +log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received " +"libseccomp error %d", rc); +return rc; + } + return 0; } @@ -645,7 +671,7 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter) rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK), - SCMP_CMP(1, SCMP_CMP_EQ, SOCK_RAW), + SCMP_CMP_MASKED(1, SOCK_CLOEXEC, SOCK_RAW), SCMP_CMP(2, SCMP_CMP_EQ, 0)); if (rc) return rc; @@ -1616,7 +1642,8 @@ add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg) // function pointer for (i = 0; i < ARRAY_LENGTH(filter_func); i++) { -if ((filter_func[i])(ctx, cfg)) { +rc = filter_func[i](ctx, cfg); +if (rc) { log_err(LD_BUG,"(Sandbox) failed to add syscall %d, received libseccomp " "error %d", i, rc); return rc; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Check the libc version to decide whether to allow openat.
commit 2d3904aba67e79e57db1814033b1df3f77336065 Author: Nick MathewsonDate: Thu Nov 16 14:06:38 2017 -0500 Check the libc version to decide whether to allow openat. --- configure.ac | 2 ++ src/common/sandbox.c | 38 +- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index f2c3f90ba..3ff819052 100644 --- a/configure.ac +++ b/configure.ac @@ -390,6 +390,7 @@ AC_CHECK_FUNCS( getrlimit \ gettimeofday \ gmtime_r \ + gnu_get_libc_version \ htonll \ inet_aton \ ioctl \ @@ -1011,6 +1012,7 @@ AC_CHECK_HEADERS([assert.h \ arpa/inet.h \ crt_externs.h \ execinfo.h \ + gnu/libc-version.h \ grp.h \ ifaddrs.h \ inttypes.h \ diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 417c1e305..d0ead2cae 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -56,6 +56,9 @@ #include #include +#ifdef HAVE_GNU_LIBC_VERSION_H +#include +#endif #ifdef HAVE_LINUX_NETFILTER_IPV4_H #include #endif @@ -424,6 +427,37 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +#ifdef HAVE_GNU_LIBC_VERSION_H +#ifdef HAVE_GNU_GET_LIBC_VERSION +#define CHECK_LIBC_VERSION +#endif +#endif + +/* Return true if we think we're running with a libc that always uses + * openat on linux. */ +static int +libc_uses_openat_for_everything(void) +{ +#ifdef CHECK_LIBC_VERSION + const char *version = gnu_get_libc_version(); + if (version == NULL) +return 0; + + int major = -1; + int minor = -1; + + tor_sscanf(version, "%d.%d", , ); + if (major >= 3) +return 1; + else if (major == 2 && minor >= 26) +return 1; + else +return 0; +#else + return 0; +#endif +} + /** Allow a single file to be opened. If use_openat is true, * we're using a libc that remaps all the opens into openats. */ static int 
@@ -449,13 +483,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) int rc; sandbox_cfg_t *elem = NULL; + int use_openat = libc_uses_openat_for_everything(); + // for each dynamic parameter filters for (elem = filter; elem != NULL; elem = elem->next) { smp_param_t *param = elem->param; if (param != NULL && param->prot == 1 && param->syscall == SCMP_SYS(open)) { - rc = allow_file_open(ctx, 0 /* */, param->value); + rc = allow_file_open(ctx, use_openat, param->value); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received " "libseccomp error %d", rc); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.1] Add a changes file.
commit 80bf270404a52c634a14f6aad594dec4e9ce1e12 Author: Nick MathewsonDate: Thu Nov 16 14:07:58 2017 -0500 Add a changes file. --- changes/ticket24315 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/changes/ticket24315 b/changes/ticket24315 new file mode 100644 index 0..df34dbf41 --- /dev/null +++ b/changes/ticket24315 @@ -0,0 +1,3 @@ + o Major features (linux seccomp2 sandbox): +- Update the sandbox rules so that they should now work correctly with + Glibc 2.26. Closes ticket 24315. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.9] Add a changes file.
commit 80bf270404a52c634a14f6aad594dec4e9ce1e12 Author: Nick MathewsonDate: Thu Nov 16 14:07:58 2017 -0500 Add a changes file. --- changes/ticket24315 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/changes/ticket24315 b/changes/ticket24315 new file mode 100644 index 0..df34dbf41 --- /dev/null +++ b/changes/ticket24315 @@ -0,0 +1,3 @@ + o Major features (linux seccomp2 sandbox): +- Update the sandbox rules so that they should now work correctly with + Glibc 2.26. Closes ticket 24315. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.2.9' into maint-0.3.1
commit 8939eaf479bc123e774421c9de6dfc3c864e0326 Merge: eccef6ba6 848ba26c1 Author: Nick MathewsonDate: Sun Feb 11 18:09:35 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.2] Merge branch 'maint-0.3.1' into maint-0.3.2
commit 67043d957f2f3cc107c5e0cb3f5c2caa35639506 Merge: 684d57fe8 8939eaf47 Author: Nick MathewsonDate: Sun Feb 11 18:09:35 2018 -0500 Merge branch 'maint-0.3.1' into maint-0.3.2 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.9] Check the libc version to decide whether to allow openat.
commit 2d3904aba67e79e57db1814033b1df3f77336065 Author: Nick MathewsonDate: Thu Nov 16 14:06:38 2017 -0500 Check the libc version to decide whether to allow openat. --- configure.ac | 2 ++ src/common/sandbox.c | 38 +- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index f2c3f90ba..3ff819052 100644 --- a/configure.ac +++ b/configure.ac @@ -390,6 +390,7 @@ AC_CHECK_FUNCS( getrlimit \ gettimeofday \ gmtime_r \ + gnu_get_libc_version \ htonll \ inet_aton \ ioctl \ @@ -1011,6 +1012,7 @@ AC_CHECK_HEADERS([assert.h \ arpa/inet.h \ crt_externs.h \ execinfo.h \ + gnu/libc-version.h \ grp.h \ ifaddrs.h \ inttypes.h \ diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 417c1e305..d0ead2cae 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -56,6 +56,9 @@ #include #include +#ifdef HAVE_GNU_LIBC_VERSION_H +#include +#endif #ifdef HAVE_LINUX_NETFILTER_IPV4_H #include #endif @@ -424,6 +427,37 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +#ifdef HAVE_GNU_LIBC_VERSION_H +#ifdef HAVE_GNU_GET_LIBC_VERSION +#define CHECK_LIBC_VERSION +#endif +#endif + +/* Return true if we think we're running with a libc that always uses + * openat on linux. */ +static int +libc_uses_openat_for_everything(void) +{ +#ifdef CHECK_LIBC_VERSION + const char *version = gnu_get_libc_version(); + if (version == NULL) +return 0; + + int major = -1; + int minor = -1; + + tor_sscanf(version, "%d.%d", , ); + if (major >= 3) +return 1; + else if (major == 2 && minor >= 26) +return 1; + else +return 0; +#else + return 0; +#endif +} + /** Allow a single file to be opened. If use_openat is true, * we're using a libc that remaps all the opens into openats. */ static int 
@@ -449,13 +483,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) int rc; sandbox_cfg_t *elem = NULL; + int use_openat = libc_uses_openat_for_everything(); + // for each dynamic parameter filters for (elem = filter; elem != NULL; elem = elem->next) { smp_param_t *param = elem->param; if (param != NULL && param->prot == 1 && param->syscall == SCMP_SYS(open)) { - rc = allow_file_open(ctx, 0 /* */, param->value); + rc = allow_file_open(ctx, use_openat, param->value); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received " "libseccomp error %d", rc); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.2] Merge branch 'maint-0.2.9' into maint-0.3.1
commit 8939eaf479bc123e774421c9de6dfc3c864e0326 Merge: eccef6ba6 848ba26c1 Author: Nick MathewsonDate: Sun Feb 11 18:09:35 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/ticket24315 | 3 +++ configure.ac | 2 ++ src/common/sandbox.c | 71 +--- 3 files changed, 72 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Make our seccomp2 sandbox handle Glibc 2.26
commit d2d6a1b082fa0eac8b6478889a0c28bf05e48073 Author: Nick MathewsonDate: Thu Nov 16 13:53:48 2017 -0500 Make our seccomp2 sandbox handle Glibc 2.26 There are three changes here: * We need to allow epoll_pwait. * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC. * We need to use openat() instead of open(). Note that this fix is not complete, since the openat() change is turned off. The next commit will make the openat() change happen when we're running glibc 2.26 or later. Fix for 24315. --- src/common/sandbox.c | 35 +++ 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 7f4511db2..417c1e305 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -127,6 +127,9 @@ static int filter_nopar_gen[] = { SCMP_SYS(clone), SCMP_SYS(epoll_create), SCMP_SYS(epoll_wait), +#ifdef __NR_epoll_pwait +SCMP_SYS(epoll_pwait), +#endif #ifdef HAVE_EVENTFD SCMP_SYS(eventfd2), #endif @@ -421,6 +424,21 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +/** Allow a single file to be opened. If use_openat is true, + * we're using a libc that remaps all the opens into openats. */ +static int +allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file) +{ + if (use_openat) { +return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), + SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD), + SCMP_CMP_STR(1, SCMP_CMP_EQ, file)); + } else { +return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), + SCMP_CMP_STR(0, SCMP_CMP_EQ, file)); + } +} + /** * Function responsible for setting up the open syscall for * the seccomp filter sandbox. 
@@ -437,8 +455,7 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) if (param != NULL && param->prot == 1 && param->syscall == SCMP_SYS(open)) { - rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), -SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value)); + rc = allow_file_open(ctx, 0 /* */, param->value); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received " "libseccomp error %d", rc); @@ -456,6 +473,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return rc; } + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat), +SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, +O_RDONLY)); + if (rc != 0) { +log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received " +"libseccomp error %d", rc); +return rc; + } + return 0; } @@ -645,7 +671,7 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter) rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK), - SCMP_CMP(1, SCMP_CMP_EQ, SOCK_RAW), + SCMP_CMP_MASKED(1, SOCK_CLOEXEC, SOCK_RAW), SCMP_CMP(2, SCMP_CMP_EQ, 0)); if (rc) return rc; @@ -1616,7 +1642,8 @@ add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg) // function pointer for (i = 0; i < ARRAY_LENGTH(filter_func); i++) { -if ((filter_func[i])(ctx, cfg)) { +rc = filter_func[i](ctx, cfg); +if (rc) { log_err(LD_BUG,"(Sandbox) failed to add syscall %d, received libseccomp " "error %d", i, rc); return rc; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.1] Check the libc version to decide whether to allow openat.
commit 2d3904aba67e79e57db1814033b1df3f77336065 Author: Nick MathewsonDate: Thu Nov 16 14:06:38 2017 -0500 Check the libc version to decide whether to allow openat. --- configure.ac | 2 ++ src/common/sandbox.c | 38 +- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index f2c3f90ba..3ff819052 100644 --- a/configure.ac +++ b/configure.ac @@ -390,6 +390,7 @@ AC_CHECK_FUNCS( getrlimit \ gettimeofday \ gmtime_r \ + gnu_get_libc_version \ htonll \ inet_aton \ ioctl \ @@ -1011,6 +1012,7 @@ AC_CHECK_HEADERS([assert.h \ arpa/inet.h \ crt_externs.h \ execinfo.h \ + gnu/libc-version.h \ grp.h \ ifaddrs.h \ inttypes.h \ diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 417c1e305..d0ead2cae 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -56,6 +56,9 @@ #include #include +#ifdef HAVE_GNU_LIBC_VERSION_H +#include +#endif #ifdef HAVE_LINUX_NETFILTER_IPV4_H #include #endif @@ -424,6 +427,37 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +#ifdef HAVE_GNU_LIBC_VERSION_H +#ifdef HAVE_GNU_GET_LIBC_VERSION +#define CHECK_LIBC_VERSION +#endif +#endif + +/* Return true if we think we're running with a libc that always uses + * openat on linux. */ +static int +libc_uses_openat_for_everything(void) +{ +#ifdef CHECK_LIBC_VERSION + const char *version = gnu_get_libc_version(); + if (version == NULL) +return 0; + + int major = -1; + int minor = -1; + + tor_sscanf(version, "%d.%d", , ); + if (major >= 3) +return 1; + else if (major == 2 && minor >= 26) +return 1; + else +return 0; +#else + return 0; +#endif +} + /** Allow a single file to be opened. If use_openat is true, * we're using a libc that remaps all the opens into openats. */ static int 
@@ -449,13 +483,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) int rc; sandbox_cfg_t *elem = NULL; + int use_openat = libc_uses_openat_for_everything(); + // for each dynamic parameter filters for (elem = filter; elem != NULL; elem = elem->next) { smp_param_t *param = elem->param; if (param != NULL && param->prot == 1 && param->syscall == SCMP_SYS(open)) { - rc = allow_file_open(ctx, 0 /* */, param->value); + rc = allow_file_open(ctx, use_openat, param->value); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received " "libseccomp error %d", rc); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Add a cast to avoid a signed/unsigned comparison
commit 0bfd5a659777688798722a20f894797a4f4b54f0 Author: Nick MathewsonDate: Wed Jan 17 09:06:32 2018 -0500 Add a cast to avoid a signed/unsigned comparison --- src/common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/compat.c b/src/common/compat.c index a88e9b514..4ac443c13 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out) if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5 */ - rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); + rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, ) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
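Review bot: Inside this branch the guard has already established `try_limit < (uint64_t) rlim.rlim_cur`, so the MIN always yields try_limit, and for an unsigned rlim_t the new cast cannot lose bits for the same reason. A short comment would stop a later edit from loosening the guard and leaving an unchecked narrowing cast behind, e.g. `/* try_limit < rlim_cur here, so the cast to rlim_t is lossless */`. set_max_file_descriptors starts and ends outside the hunk. The same commit is posted again further down the page for the other branches, and the point applies to each copy.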
[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.2.9' into maint-0.3.1
commit eccef6ba60e59c6d7001d8f6623eb4d01ea8ca11 Merge: 86583ad78 5dc785cee Author: Nick MathewsonDate: Sun Feb 11 16:51:56 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.1' into maint-0.3.2
commit 684d57fe8a21ee74b7b66f0035674ccbe0c1f921 Merge: 4de20d175 eccef6ba6 Author: Nick MathewsonDate: Sun Feb 11 17:00:52 2018 -0500 Merge branch 'maint-0.3.1' into maint-0.3.2 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --cc src/common/compat.c index 7fe97488e,4a1f0013c..83bb707e1 --- a/src/common/compat.c +++ b/src/common/compat.c @@@ -1753,14 -1752,13 +1754,13 @@@ set_max_file_descriptors(rlim_t limit, (unsigned long)try_limit, (unsigned long)OPEN_MAX, (unsigned long)rlim.rlim_max); } - bad = 0; + couldnt_set = 0; } } -#endif /* OPEN_MAX */ +#endif /* defined(OPEN_MAX) */ - if (bad) { + if (couldnt_set) { log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s", -strerror(errno)); - return -1; +strerror(setrlimit_errno)); } } /* leave some overhead for logs, etc, */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.2' into release-0.3.2
commit 9e81221c96793adfe3c46979ae4f749ff26e3644 Merge: cb3c1f2e5 684d57fe8 Author: Nick MathewsonDate: Sun Feb 11 17:01:00 2018 -0500 Merge branch 'maint-0.3.2' into release-0.3.2 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9
commit 5dc785ceef465125f180f020991ec2c363bb8abc Merge: 320dac460 0bfd5a659 Author: Nick MathewsonDate: Sun Feb 11 16:51:53 2018 -0500 Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9
commit 5dc785ceef465125f180f020991ec2c363bb8abc Merge: 320dac460 0bfd5a659 Author: Nick MathewsonDate: Sun Feb 11 16:51:53 2018 -0500 Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.2'
commit bdc29eaa7efa4227cd718325d966c4e139a2fd47 Merge: a75ae628c 684d57fe8 Author: Nick MathewsonDate: Sun Feb 11 17:01:00 2018 -0500 Merge branch 'maint-0.3.2' ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9
commit 5dc785ceef465125f180f020991ec2c363bb8abc Merge: 320dac460 0bfd5a659 Author: Nick MathewsonDate: Sun Feb 11 16:51:53 2018 -0500 Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9
commit da194bb490e3f3e7ad9a06a43d7a007059a0e87f Merge: 890162761 5dc785cee Author: Nick MathewsonDate: Sun Feb 11 16:51:56 2018 -0500 Merge branch 'maint-0.2.9' into release-0.2.9 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Don't treat a setrlimit failure as fatal.
commit 68ca6d2e1971372617f920e71a4a51e16900095e Author: Nick MathewsonDate: Thu Jan 4 13:20:37 2018 -0500 Don't treat a setrlimit failure as fatal. Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we started doing setrlimit() in the first place. --- changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade new file mode 100644 index 0..c9f81bd13 --- /dev/null +++ b/changes/bug21074_downgrade @@ -0,0 +1,4 @@ + o Minor bugfixes: +- Don't exit the Tor process if setrlimit() fails to change the file + limit (which can happen sometimes on some versions of OSX). Fixes + bug 21074; bugfix on 0.0.9pre5. diff --git a/src/common/compat.c b/src/common/compat.c index e16dfb1d2..a88e9b514 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1651,7 +1651,7 @@ get_max_sockets(void) * fail by returning -1 and max_out is untouched. * * If we are unable to set the limit value because of setrlimit() failing, - * return -1 and max_out is set to the current maximum value returned + * return 0 and max_out is set to the current maximum value returned * by getrlimit(). * * Otherwise, return 0 and store the maximum we found inside max_out @@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out) rlim.rlim_cur = rlim.rlim_max; if (setrlimit(RLIMIT_NOFILE, ) != 0) { -int bad = 1; +int couldnt_set = 1; +const int setrlimit_errno = errno; #ifdef OPEN_MAX uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER; if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5 */ - rlim.rlim_cur = try_limit; + rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, ) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " 
@@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out) (unsigned long)try_limit, (unsigned long)OPEN_MAX, (unsigned long)rlim.rlim_max); } -bad = 0; +couldnt_set = 0; } } #endif /* OPEN_MAX */ -if (bad) { +if (couldnt_set) { log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s", - strerror(errno)); - return -1; + strerror(setrlimit_errno)); } } /* leave some overhead for logs, etc, */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
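Review bot: With `return -1` removed, the warning path falls through while rlim.rlim_cur still holds the value setrlimit() just rejected; it was overwritten with rlim.rlim_max before the call in the previous hunk, and possibly again with the OPEN_MAX-based value. The code after this hunk is not visible, but if it derives the result from rlim.rlim_cur, max_out will report a descriptor limit the process does not have, which contradicts the updated doc comment ("the current maximum value returned by getrlimit()"). I would re-read the limit on that path, e.g. `if (getrlimit(RLIMIT_NOFILE, &rlim) != 0) return -1;` after the log_warn. The commit message says 0.0.9rc5 where the changes entry says 0.0.9pre5, so one of the two should be corrected. This commit is reposted below for the other branches and the same points apply there.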
[tor-commits] [tor/release-0.3.1] Merge branch 'maint-0.3.1' into release-0.3.1
commit cf55f0516c9eecc3e2779931fdba9eeb5335f569 Merge: ed13a7f62 eccef6ba6 Author: Nick MathewsonDate: Sun Feb 11 16:51:56 2018 -0500 Merge branch 'maint-0.3.1' into release-0.3.1 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1
commit eccef6ba60e59c6d7001d8f6623eb4d01ea8ca11 Merge: 86583ad78 5dc785cee Author: Nick MathewsonDate: Sun Feb 11 16:51:56 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.1] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9
commit 5dc785ceef465125f180f020991ec2c363bb8abc Merge: 320dac460 0bfd5a659 Author: Nick MathewsonDate: Sun Feb 11 16:51:53 2018 -0500 Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9
commit 5dc785ceef465125f180f020991ec2c363bb8abc Merge: 320dac460 0bfd5a659 Author: Nick MathewsonDate: Sun Feb 11 16:51:53 2018 -0500 Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.1] Add a cast to avoid a signed/unsigned comparison
commit 0bfd5a659777688798722a20f894797a4f4b54f0 Author: Nick MathewsonDate: Wed Jan 17 09:06:32 2018 -0500 Add a cast to avoid a signed/unsigned comparison --- src/common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/compat.c b/src/common/compat.c index a88e9b514..4ac443c13 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out) if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5 */ - rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); + rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, ) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.2] Don't treat a setrlimit failure as fatal.
commit 68ca6d2e1971372617f920e71a4a51e16900095e Author: Nick MathewsonDate: Thu Jan 4 13:20:37 2018 -0500 Don't treat a setrlimit failure as fatal. Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we started doing setrlimit() in the first place. --- changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade new file mode 100644 index 0..c9f81bd13 --- /dev/null +++ b/changes/bug21074_downgrade @@ -0,0 +1,4 @@ + o Minor bugfixes: +- Don't exit the Tor process if setrlimit() fails to change the file + limit (which can happen sometimes on some versions of OSX). Fixes + bug 21074; bugfix on 0.0.9pre5. diff --git a/src/common/compat.c b/src/common/compat.c index e16dfb1d2..a88e9b514 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1651,7 +1651,7 @@ get_max_sockets(void) * fail by returning -1 and max_out is untouched. * * If we are unable to set the limit value because of setrlimit() failing, - * return -1 and max_out is set to the current maximum value returned + * return 0 and max_out is set to the current maximum value returned * by getrlimit(). * * Otherwise, return 0 and store the maximum we found inside max_out @@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out) rlim.rlim_cur = rlim.rlim_max; if (setrlimit(RLIMIT_NOFILE, ) != 0) { -int bad = 1; +int couldnt_set = 1; +const int setrlimit_errno = errno; #ifdef OPEN_MAX uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER; if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5 */ - rlim.rlim_cur = try_limit; + rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, ) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " 
@@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out) (unsigned long)try_limit, (unsigned long)OPEN_MAX, (unsigned long)rlim.rlim_max); } -bad = 0; +couldnt_set = 0; } } #endif /* OPEN_MAX */ -if (bad) { +if (couldnt_set) { log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s", - strerror(errno)); - return -1; + strerror(setrlimit_errno)); } } /* leave some overhead for logs, etc, */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.2] Add a cast to avoid a signed/unsigned comparison
commit 0bfd5a659777688798722a20f894797a4f4b54f0 Author: Nick MathewsonDate: Wed Jan 17 09:06:32 2018 -0500 Add a cast to avoid a signed/unsigned comparison --- src/common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/compat.c b/src/common/compat.c index a88e9b514..4ac443c13 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out) if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5 */ - rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); + rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, ) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.2] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9
commit 5dc785ceef465125f180f020991ec2c363bb8abc Merge: 320dac460 0bfd5a659 Author: Nick MathewsonDate: Sun Feb 11 16:51:53 2018 -0500 Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.2.9' into maint-0.3.1
commit eccef6ba60e59c6d7001d8f6623eb4d01ea8ca11 Merge: 86583ad78 5dc785cee Author: Nick MathewsonDate: Sun Feb 11 16:51:56 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.2] Don't treat a setrlimit failure as fatal.
commit 68ca6d2e1971372617f920e71a4a51e16900095e Author: Nick MathewsonDate: Thu Jan 4 13:20:37 2018 -0500 Don't treat a setrlimit failure as fatal. Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we started doing setrlimit() in the first place. --- changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade new file mode 100644 index 0..c9f81bd13 --- /dev/null +++ b/changes/bug21074_downgrade @@ -0,0 +1,4 @@ + o Minor bugfixes: +- Don't exit the Tor process if setrlimit() fails to change the file + limit (which can happen sometimes on some versions of OSX). Fixes + bug 21074; bugfix on 0.0.9pre5. diff --git a/src/common/compat.c b/src/common/compat.c index e16dfb1d2..a88e9b514 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1651,7 +1651,7 @@ get_max_sockets(void) * fail by returning -1 and max_out is untouched. * * If we are unable to set the limit value because of setrlimit() failing, - * return -1 and max_out is set to the current maximum value returned + * return 0 and max_out is set to the current maximum value returned * by getrlimit(). * * Otherwise, return 0 and store the maximum we found inside max_out @@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out) rlim.rlim_cur = rlim.rlim_max; if (setrlimit(RLIMIT_NOFILE, ) != 0) { -int bad = 1; +int couldnt_set = 1; +const int setrlimit_errno = errno; #ifdef OPEN_MAX uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER; if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5 */ - rlim.rlim_cur = try_limit; + rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, ) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " 
@@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out) (unsigned long)try_limit, (unsigned long)OPEN_MAX, (unsigned long)rlim.rlim_max); } -bad = 0; +couldnt_set = 0; } } #endif /* OPEN_MAX */ -if (bad) { +if (couldnt_set) { log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s", - strerror(errno)); - return -1; + strerror(setrlimit_errno)); } } /* leave some overhead for logs, etc, */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.1' into maint-0.3.2
commit 684d57fe8a21ee74b7b66f0035674ccbe0c1f921 Merge: 4de20d175 eccef6ba6 Author: Nick MathewsonDate: Sun Feb 11 17:00:52 2018 -0500 Merge branch 'maint-0.3.1' into maint-0.3.2 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --cc src/common/compat.c index 7fe97488e,4a1f0013c..83bb707e1 --- a/src/common/compat.c +++ b/src/common/compat.c @@@ -1753,14 -1752,13 +1754,13 @@@ set_max_file_descriptors(rlim_t limit, (unsigned long)try_limit, (unsigned long)OPEN_MAX, (unsigned long)rlim.rlim_max); } - bad = 0; + couldnt_set = 0; } } -#endif /* OPEN_MAX */ +#endif /* defined(OPEN_MAX) */ - if (bad) { + if (couldnt_set) { log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s", -strerror(errno)); - return -1; +strerror(setrlimit_errno)); } } /* leave some overhead for logs, etc, */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Add a cast to avoid a signed/unsigned comparison
commit 0bfd5a659777688798722a20f894797a4f4b54f0 Author: Nick MathewsonDate: Wed Jan 17 09:06:32 2018 -0500 Add a cast to avoid a signed/unsigned comparison --- src/common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/compat.c b/src/common/compat.c index a88e9b514..4ac443c13 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out) if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5 */ - rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); + rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, ) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.2] Merge branch 'maint-0.2.9' into maint-0.3.1
commit eccef6ba60e59c6d7001d8f6623eb4d01ea8ca11 Merge: 86583ad78 5dc785cee Author: Nick MathewsonDate: Sun Feb 11 16:51:56 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.9] Don't treat a setrlimit failure as fatal.
commit 68ca6d2e1971372617f920e71a4a51e16900095e Author: Nick MathewsonDate: Thu Jan 4 13:20:37 2018 -0500 Don't treat a setrlimit failure as fatal. Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we started doing setrlimit() in the first place. --- changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade new file mode 100644 index 0..c9f81bd13 --- /dev/null +++ b/changes/bug21074_downgrade @@ -0,0 +1,4 @@ + o Minor bugfixes: +- Don't exit the Tor process if setrlimit() fails to change the file + limit (which can happen sometimes on some versions of OSX). Fixes + bug 21074; bugfix on 0.0.9pre5. diff --git a/src/common/compat.c b/src/common/compat.c index e16dfb1d2..a88e9b514 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1651,7 +1651,7 @@ get_max_sockets(void) * fail by returning -1 and max_out is untouched. * * If we are unable to set the limit value because of setrlimit() failing, - * return -1 and max_out is set to the current maximum value returned + * return 0 and max_out is set to the current maximum value returned * by getrlimit(). * * Otherwise, return 0 and store the maximum we found inside max_out @@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out) rlim.rlim_cur = rlim.rlim_max; if (setrlimit(RLIMIT_NOFILE, ) != 0) { -int bad = 1; +int couldnt_set = 1; +const int setrlimit_errno = errno; #ifdef OPEN_MAX uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER; if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5 */ - rlim.rlim_cur = try_limit; + rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, ) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " 
@@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out) (unsigned long)try_limit, (unsigned long)OPEN_MAX, (unsigned long)rlim.rlim_max); } -bad = 0; +couldnt_set = 0; } } #endif /* OPEN_MAX */ -if (bad) { +if (couldnt_set) { log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s", - strerror(errno)); - return -1; + strerror(setrlimit_errno)); } } /* leave some overhead for logs, etc, */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.9] Add a cast to avoid a signed/unsigned comparison
commit 0bfd5a659777688798722a20f894797a4f4b54f0 Author: Nick MathewsonDate: Wed Jan 17 09:06:32 2018 -0500 Add a cast to avoid a signed/unsigned comparison --- src/common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/compat.c b/src/common/compat.c index a88e9b514..4ac443c13 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out) if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5 */ - rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); + rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, ) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.9] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9
commit 5dc785ceef465125f180f020991ec2c363bb8abc Merge: 320dac460 0bfd5a659 Author: Nick MathewsonDate: Sun Feb 11 16:51:53 2018 -0500 Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.2] Merge branch 'maint-0.3.1' into maint-0.3.2
commit 684d57fe8a21ee74b7b66f0035674ccbe0c1f921 Merge: 4de20d175 eccef6ba6 Author: Nick MathewsonDate: Sun Feb 11 17:00:52 2018 -0500 Merge branch 'maint-0.3.1' into maint-0.3.2 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --cc src/common/compat.c index 7fe97488e,4a1f0013c..83bb707e1 --- a/src/common/compat.c +++ b/src/common/compat.c @@@ -1753,14 -1752,13 +1754,13 @@@ set_max_file_descriptors(rlim_t limit, (unsigned long)try_limit, (unsigned long)OPEN_MAX, (unsigned long)rlim.rlim_max); } - bad = 0; + couldnt_set = 0; } } -#endif /* OPEN_MAX */ +#endif /* defined(OPEN_MAX) */ - if (bad) { + if (couldnt_set) { log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s", -strerror(errno)); - return -1; +strerror(setrlimit_errno)); } } /* leave some overhead for logs, etc, */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.1] Don't treat a setrlimit failure as fatal.
commit 68ca6d2e1971372617f920e71a4a51e16900095e Author: Nick MathewsonDate: Thu Jan 4 13:20:37 2018 -0500 Don't treat a setrlimit failure as fatal. Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we started doing setrlimit() in the first place. --- changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade new file mode 100644 index 0..c9f81bd13 --- /dev/null +++ b/changes/bug21074_downgrade @@ -0,0 +1,4 @@ + o Minor bugfixes: +- Don't exit the Tor process if setrlimit() fails to change the file + limit (which can happen sometimes on some versions of OSX). Fixes + bug 21074; bugfix on 0.0.9pre5. diff --git a/src/common/compat.c b/src/common/compat.c index e16dfb1d2..a88e9b514 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1651,7 +1651,7 @@ get_max_sockets(void) * fail by returning -1 and max_out is untouched. * * If we are unable to set the limit value because of setrlimit() failing, - * return -1 and max_out is set to the current maximum value returned + * return 0 and max_out is set to the current maximum value returned * by getrlimit(). * * Otherwise, return 0 and store the maximum we found inside max_out @@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out) rlim.rlim_cur = rlim.rlim_max; if (setrlimit(RLIMIT_NOFILE, ) != 0) { -int bad = 1; +int couldnt_set = 1; +const int setrlimit_errno = errno; #ifdef OPEN_MAX uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER; if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5 */ - rlim.rlim_cur = try_limit; + rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, ) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " 
@@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out) (unsigned long)try_limit, (unsigned long)OPEN_MAX, (unsigned long)rlim.rlim_max); } -bad = 0; +couldnt_set = 0; } } #endif /* OPEN_MAX */ -if (bad) { +if (couldnt_set) { log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s", - strerror(errno)); - return -1; + strerror(setrlimit_errno)); } } /* leave some overhead for logs, etc, */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.9] Don't treat a setrlimit failure as fatal.
commit 68ca6d2e1971372617f920e71a4a51e16900095e Author: Nick MathewsonDate: Thu Jan 4 13:20:37 2018 -0500 Don't treat a setrlimit failure as fatal. Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we started doing setrlimit() in the first place. --- changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade new file mode 100644 index 0..c9f81bd13 --- /dev/null +++ b/changes/bug21074_downgrade @@ -0,0 +1,4 @@ + o Minor bugfixes: +- Don't exit the Tor process if setrlimit() fails to change the file + limit (which can happen sometimes on some versions of OSX). Fixes + bug 21074; bugfix on 0.0.9pre5. diff --git a/src/common/compat.c b/src/common/compat.c index e16dfb1d2..a88e9b514 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1651,7 +1651,7 @@ get_max_sockets(void) * fail by returning -1 and max_out is untouched. * * If we are unable to set the limit value because of setrlimit() failing, - * return -1 and max_out is set to the current maximum value returned + * return 0 and max_out is set to the current maximum value returned * by getrlimit(). * * Otherwise, return 0 and store the maximum we found inside max_out @@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out) rlim.rlim_cur = rlim.rlim_max; if (setrlimit(RLIMIT_NOFILE, ) != 0) { -int bad = 1; +int couldnt_set = 1; +const int setrlimit_errno = errno; #ifdef OPEN_MAX uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER; if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5 */ - rlim.rlim_cur = try_limit; + rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, ) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " 
@@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out) (unsigned long)try_limit, (unsigned long)OPEN_MAX, (unsigned long)rlim.rlim_max); } -bad = 0; +couldnt_set = 0; } } #endif /* OPEN_MAX */ -if (bad) { +if (couldnt_set) { log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s", - strerror(errno)); - return -1; + strerror(setrlimit_errno)); } } /* leave some overhead for logs, etc, */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
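Review bot: With `return -1;` removed, a failed setrlimit() now falls through to the code after `/* leave some overhead for logs, etc, */` while `rlim.rlim_cur` still holds `rlim.rlim_max`, which the previous hunk assigns just before the call and which the kernel has just refused. If the code after this hunk derives `*max_out` from `rlim.rlim_cur` (not visible here), Tor would plan for more descriptors than the process can open and hit EMFILE under load, and the result would contradict the updated header comment that promises the current value from getrlimit(). Re-reading the limit in the `couldnt_set` branch keeps the two in agreement, e.g. `if (getrlimit(RLIMIT_NOFILE, &rlim) != 0) return -1;` after the `log_warn`. The function body continues outside the hunk.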
[tor-commits] [tor/maint-0.3.1] Add a cast to avoid a signed/unsigned comparison
commit 0bfd5a659777688798722a20f894797a4f4b54f0 Author: Nick MathewsonDate: Wed Jan 17 09:06:32 2018 -0500 Add a cast to avoid a signed/unsigned comparison --- src/common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/compat.c b/src/common/compat.c index a88e9b514..4ac443c13 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out) if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) { /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is * full of nasty lies. I'm looking at you, OSX 10.5 */ - rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur); + rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur); if (setrlimit(RLIMIT_NOFILE, ) == 0) { if (rlim.rlim_cur < (rlim_t)limit) { log_warn(LD_CONFIG, "We are limited to %lu file descriptors by " ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
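Review bot: The cast `(rlim_t) try_limit` cannot truncate only because the enclosing guard `try_limit < (uint64_t) rlim.rlim_cur` has already shown the value fits, and that dependency is not written down next to the cast. I would add `/* try_limit < rlim_cur was checked above, so this cast cannot truncate. */` above the assignment, so that moving the line out of the guard later does not turn it into a silent narrowing. The same guard also makes `MIN()` a no-op on this path, so `rlim.rlim_cur = (rlim_t) try_limit;` would say the same thing more directly. The function starts and ends outside the hunk.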
[tor-commits] [tor/maint-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1
commit eccef6ba60e59c6d7001d8f6623eb4d01ea8ca11 Merge: 86583ad78 5dc785cee Author: Nick MathewsonDate: Sun Feb 11 16:51:56 2018 -0500 Merge branch 'maint-0.2.9' into maint-0.3.1 changes/bug21074_downgrade | 4 src/common/compat.c| 14 +++--- 2 files changed, 11 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] rust: Replace two `unwrap()`s in FFI code with `unwrap_or()`s.
commit 45c59eff6c0b261d1f868eb22e0bd36a39dfdbb3 Author: Isis LovecruftDate: Sat Feb 10 01:21:31 2018 + rust: Replace two `unwrap()`s in FFI code with `unwrap_or()`s. --- src/rust/protover/ffi.rs | 2 +- src/rust/protover/protover.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/rust/protover/ffi.rs b/src/rust/protover/ffi.rs index d724c102d..2ee0286ec 100644 --- a/src/rust/protover/ffi.rs +++ b/src/rust/protover/ffi.rs @@ -232,7 +232,7 @@ pub extern "C" fn protover_compute_for_old_tor(version: *const c_char) -> *const // we can see that the bytes we're passing into it 1) are valid UTF-8, // 2) have no intermediate NUL bytes, and 3) are terminated with a NUL // byte. -supported = CStr::from_bytes_with_nul(elder_protocols).unwrap(); +supported = CStr::from_bytes_with_nul(elder_protocols).unwrap_or(empty); supported.as_ptr() } diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs index 826f1b73f..25f776aed 100644 --- a/src/rust/protover/protover.rs +++ b/src/rust/protover/protover.rs @@ -110,7 +110,7 @@ pub fn get_supported_protocols() -> &'static str { // The `unwrap` is safe becauase we SUPPORTED_PROTOCOLS is under // our control. str::from_utf8(_PROTOCOLS[..SUPPORTED_PROTOCOLS.len() - 1]) -.unwrap() +.unwrap_or("") } pub struct SupportedProtocols(HashMap ); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
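Review bot: Both fallbacks hide a broken invariant instead of reporting it: in `protover_compute_for_old_tor` a malformed `elder_protocols` now yields `empty` (defined outside the hunk), and in `get_supported_protocols` in the protover.rs hunk invalid UTF-8 yields `""`, so the caller would see "no protocols" with nothing logged. Not panicking here is the right choice, but I would keep the failure visible in test builds by binding the `Result` first and adding a `debug_assert!(result.is_ok());` before the `unwrap_or`. The comment in protover.rs also still says "The `unwrap` is safe"; it should describe the new behaviour, e.g. `// SUPPORTED_PROTOCOLS is under our control, so this should never fail; fall back to "" rather than panic.` Both functions start outside their hunks.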
[tor-commits] [tor/master] chnages file for 25120
commit 3834441a72857fdc637f67d908acd3efd8ab0f12 Author: Nick MathewsonDate: Sun Feb 11 16:14:19 2018 -0500 chnages file for 25120 --- changes/bug25120 | 4 1 file changed, 4 insertions(+) diff --git a/changes/bug25120 b/changes/bug25120 new file mode 100644 index 0..7215756ef --- /dev/null +++ b/changes/bug25120 @@ -0,0 +1,4 @@ + o Minor features (logging): +- Clarify the log messages produced when getrandom() or a related + entropy-generation mechanism gives an error. Closes ticket + 25120. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge remote-tracking branch 'isis/bug25127_redux'
commit a75ae628c74d8105d7b021b051ffd6eaaed08904 Merge: 7aa94f744 45c59eff6 Author: Nick MathewsonDate: Sun Feb 11 16:17:41 2018 -0500 Merge remote-tracking branch 'isis/bug25127_redux' src/rust/protover/ffi.rs | 2 +- src/rust/protover/protover.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'bug25120'
commit 627974b02ed9e5c286055272f34bd8c1ba268267 Merge: 1df701c08 14c47a0b5 Author: Nick MathewsonDate: Sun Feb 11 16:10:58 2018 -0500 Merge branch 'bug25120' src/common/crypto.c | 31 --- 1 file changed, 20 insertions(+), 11 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] fix compilation.
commit 7aa94f744112d224dd7a5523faef7a9b858ad5b1 Author: Nick MathewsonDate: Sun Feb 11 16:16:58 2018 -0500 fix compilation. --- src/common/crypto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/common/crypto.c b/src/common/crypto.c index 6dce7d5e8..d85aca400 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1963,9 +1963,9 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len) " function--probably because it is too old?" " Trying fallback method instead."); } else { -log_notice(LD_CRYPTO, "Can't get entropy from getrandom(): %s.", - " Trying fallback method instead." - strerror(errno)); +log_notice(LD_CRYPTO, "Can't get entropy from getrandom(): %s." + " Trying fallback method instead.", + strerror(errno)); } getrandom_works = 0; /* Don't bother trying again. */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Slightly different wording for error cases around entropy source selection.
commit a2990081d516873d94643853d1a98b9cc3da55c4 Author: Alexander FærøyDate: Thu Feb 1 21:25:33 2018 +0100 Slightly different wording for error cases around entropy source selection. This patch makes the wording around error cases for selecting an entropy source in Tor slightly more verbose. We also let the user know when something goes wrong that we are trying out a fallback method instead. See: https://bugs.torproject.org/25120 --- src/common/crypto.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/common/crypto.c b/src/common/crypto.c index 2ecf64c39..0dcffd2fb 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1903,13 +1903,13 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len) if (!provider_set) { if (!CryptAcquireContext(, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { - log_warn(LD_CRYPTO, "Can't get CryptoAPI provider [1]"); + log_warn(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1]."); return -1; } provider_set = 1; } if (!CryptGenRandom(provider, out_len, out)) { -log_warn(LD_CRYPTO, "Can't get entropy from CryptoAPI."); +log_warn(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI."); return -1; } @@ -1954,9 +1954,11 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len) log_warn(LD_CRYPTO, "Can't get entropy from getrandom()." " You are running a version of Tor built to support" " getrandom(), but the kernel doesn't implement this" - " function--probably because it is too old?"); + " function--probably because it is too old?" + " Trying fallback method instead."); } else { log_warn(LD_CRYPTO, "Can't get entropy from getrandom(): %s.", +" Trying fallback method instead." strerror(errno)); } 
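Review bot: The new CryptGenRandom message is missing a word: "Unable get entropy from the Windows CryptoAPI." should read `log_warn(LD_CRYPTO, "Unable to get entropy from the Windows CryptoAPI.");`. Neither Windows message in this hunk reports why the call failed; including the `GetLastError()` value would make these lines far more useful when an operator has to work out why the entropy source was refused. The same string is carried unchanged into the `log_notice` call of commit 14c47a0b5 further down the page.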
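Review bot: The `else` branch in the getrandom() hunk no longer compiles: the comma after `"Can't get entropy from getrandom(): %s."` ends the format argument, which leaves `" Trying fallback method instead." strerror(errno)` as a string literal followed directly by a call. The comma belongs after the second literal: `log_warn(LD_CRYPTO, "Can't get entropy from getrandom(): %s." " Trying fallback method instead.", strerror(errno));`. This branch is presumably only built where getrandom() is available, so a build on another platform would not catch it. The getrandom() hunk of commit 14c47a0b5 further down the page carries the same misplaced comma.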
@@ -2009,7 +2011,7 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t out_len) size_t n; for (i = 0; filenames[i]; ++i) { -log_debug(LD_FS, "Considering %s for entropy", filenames[i]); +log_debug(LD_FS, "Considering %s as entropy source", filenames[i]); fd = open(sandbox_intern_string(filenames[i]), O_RDONLY, 0); if (fd<0) continue; log_info(LD_CRYPTO, "Reading entropy from \"%s\"", filenames[i]); @@ -2019,7 +2021,8 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t out_len) /* LCOV_EXCL_START * We can't make /dev/foorandom actually fail. */ log_warn(LD_CRYPTO, - "Error reading from entropy source (read only %lu bytes).", + "Error reading from entropy source %s (read only %lu bytes).", + filenames[i], (unsigned long)n); return -1; /* LCOV_EXCL_STOP */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Lower log-level in different error conditions in entropy selection.
commit 14c47a0b5c8965463957f8c8c9311bcb96885049 Author: Alexander FærøyDate: Thu Feb 1 21:27:38 2018 +0100 Lower log-level in different error conditions in entropy selection. This patch lowers the log-level from warning to info in the cases where we are going to attempt another method as entropy source to hopefully make the user feel less concerned. See: https://bugs.torproject.org/25120 --- src/common/crypto.c | 32 +++- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/src/common/crypto.c b/src/common/crypto.c index 0dcffd2fb..f8da2fcf1 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1891,6 +1891,12 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len) { tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE); + /* We only log at notice-level here because in the case that this function + * fails the crypto_strongest_rand_raw() caller will log with a warning-level + * message and let crypto_strongest_rand() error out and finally terminating + * Tor with an assertion error. + */ + #ifdef TOR_UNIT_TESTS if (break_strongest_rng_syscall) return -1; @@ -1903,13 +1909,13 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len) if (!provider_set) { if (!CryptAcquireContext(, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { - log_warn(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1]."); + log_notice(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1]."); return -1; } provider_set = 1; } if (!CryptGenRandom(provider, out_len, out)) { -log_warn(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI."); +log_notice(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI."); return -1; } 
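Review bot: The block comment added at the top of `crypto_strongest_rand_syscall` and every changed call use notice-level, while the commit description says the level is lowered "from warning to info"; one of the two should be corrected so operators know which severity to filter on. The comment also explains the lower level by saying the caller ends up "terminating Tor with an assertion error", which is the opposite of the stated reason that another entropy method is tried next. I would reword it to say that a failure here is followed by the fallback source and that the caller logs the warning if every source fails, provided that is what `crypto_strongest_rand_raw()` does (it is not visible here). The function body continues outside the hunk.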
@@ -1951,14 +1957,14 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len) /* Useful log message for errno. */ if (errno == ENOSYS) { -log_warn(LD_CRYPTO, "Can't get entropy from getrandom()." - " You are running a version of Tor built to support" - " getrandom(), but the kernel doesn't implement this" - " function--probably because it is too old?" - " Trying fallback method instead."); +log_notice(LD_CRYPTO, "Can't get entropy from getrandom()." + " You are running a version of Tor built to support" + " getrandom(), but the kernel doesn't implement this" + " function--probably because it is too old?" + " Trying fallback method instead."); } else { -log_warn(LD_CRYPTO, "Can't get entropy from getrandom(): %s.", -" Trying fallback method instead." +log_notice(LD_CRYPTO, "Can't get entropy from getrandom(): %s.", + " Trying fallback method instead." strerror(errno)); } @@ -2020,10 +2026,10 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t out_len) if (n != out_len) { /* LCOV_EXCL_START * We can't make /dev/foorandom actually fail. */ - log_warn(LD_CRYPTO, - "Error reading from entropy source %s (read only %lu bytes).", - filenames[i], - (unsigned long)n); + log_notice(LD_CRYPTO, + "Error reading from entropy source %s (read only %lu bytes).", + filenames[i], + (unsigned long)n); return -1; /* LCOV_EXCL_STOP */ } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
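Review bot: The short-read case in `crypto_strongest_rand_fallback` is lowered to notice although this path does `return -1` straight away and, as far as the hunk shows, no other entropy source is tried after it. That does not match the rationale of lowering only the cases where another method follows, and a failing entropy device is an event an operator should see at warn level unless the caller is certain to log one. Either keep `log_warn(LD_CRYPTO,` for this call or repeat above it the explanatory comment that the commit adds to `crypto_strongest_rand_syscall`. The loop and the function continue outside the hunk.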
[tor-commits] [doctor/master] Notify if flag count substantially differ
commit 894501335535e04668fb63f3aadd5f25c7318ebe Author: Damian JohnsonDate: Sun Feb 11 12:50:42 2018 -0800 Notify if flag count substantially differ Recently dannenberg stopped issuing the Exit flag. Check Requested by nusenu... https://lists.torproject.org/pipermail/tor-dev/2018-February/012918.html --- consensus_health_checker.py | 30 ++ data/consensus_health.cfg | 1 + 2 files changed, 31 insertions(+) diff --git a/consensus_health_checker.py b/consensus_health_checker.py index 23f3f9d..e91e292 100755 --- a/consensus_health_checker.py +++ b/consensus_health_checker.py @@ -321,6 +321,7 @@ def run_checks(consensuses, votes): voting_bandwidth_scanners, #unmeasured_relays, has_authority_flag, +has_similar_flag_counts, is_recommended_versions, bad_exits_in_sync, bandwidth_authorities_in_sync, @@ -612,6 +613,35 @@ def has_authority_flag(latest_consensus, consensuses, votes): return issues +def has_similar_flag_counts(latest_consensus, consensuses, votes): + "Checks that flags issued by authorities are similar." + + issues = [] + flag_count = {} # {flag => count} + + for desc in latest_consensus.routers.values(): +for flag in desc.flags: + flag_count[flag] = flag_count.setdefault(flag, 0) + 1 + + for authority, vote in votes.items(): +authority_flag_count = {} + +for desc in vote.routers.values(): + for flag in desc.flags: +authority_flag_count[flag] = authority_flag_count.setdefault(flag, 0) + 1 + +for flag, count in flag_count.items(): + if flag == 'BadExit': +continue + + vote_count = authority_flag_count.get(flag, 0) + + if vote_count > count * 1.5 or vote_count < count * 0.5: +issues.append(Issue(Runlevel.NOTICE, 'FLAG_COUNT_DIFFERS', authority = authority, flag = flag, consensus_count = count, vote_count = vote_count, to = [authority])) + + return issues + + def has_expected_fingerprints(latest_consensus, consensuses, votes): "Checks that the authorities have the fingerprints that we expect." 
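Review bot: `has_similar_flag_counts` only walks `flag_count`, the flags present in the consensus, so a flag that an authority assigns in its vote but that never reaches the consensus is not compared at all. If one-sided flags should be reported too, iterate over both sets with `for flag in set(flag_count) | set(authority_flag_count):` and read `count = flag_count.get(flag, 0)`; if they are deliberately ignored, the docstring should say so. The 0.5x/1.5x thresholds also fire on a difference of one or two relays when a flag is rare, so a minimum count before comparing would keep the notices meaningful. An authority whose vote is missing from `votes` produces no notice from this check, which is worth stating in the docstring as well.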
diff --git a/data/consensus_health.cfg b/data/consensus_health.cfg index 423ab6d..326aa20 100644 --- a/data/consensus_health.cfg +++ b/data/consensus_health.cfg @@ -14,6 +14,7 @@ msg TOO_MANY_UNMEASURED_RELAYS => As a bandwidth authority {authority} lacked a msg MISSING_VOTES => The consensuses downloaded from the following authorities are missing votes that are contained in consensuses downloaded from other authorities: {authorities} msg MISSING_AUTHORITIES => The following authorities are missing from the consensus: {authorities} msg EXTRA_AUTHORITIES => The following authorities were not expected in the consensus: {authorities} +msg FLAG_COUNT_DIFFERS => {authority} had {vote_count} {flag} flags in its vote but the consensus had {consensus_count} msg FINGERPRINT_MISMATCH => {authority} had a different fingerprint than we expected (expected: {expected}, actual: {actual}) msg TOR_OUT_OF_DATE => The following authorities are an out of date version of tor: {authorities} msg BADEXIT_OUT_OF_SYNC => Authorities disagree about the BadExit flag for {fingerprint} ({counts}) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits