#29819: Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4
---------------------------------------------+-----------------------------
 Reporter:  toralf                           |          Owner:  nickm
     Type:  defect                           |         Status:  assigned
 Priority:  Medium                           |      Milestone:  Tor: 0.4.0.x-final
Component:  Core Tor/Tor                     |        Version:  Tor: unspecified
 Severity:  Normal                           |     Resolution:
 Keywords:  crash, linux, sandbox, 040-must  |  Actual Points:
Parent ID:                                   |         Points:  0.2
 Reviewer:                                   |        Sponsor:
---------------------------------------------+-----------------------------
Changes (by pege):

 * cc: peter@… (added)
 * version:  Tor: 0.4.0.2-alpha => Tor: unspecified

Comment:

 I can reproduce this now. Running Tor 0.3.5.8 on Fedora 29 with libseccomp 0.2.4.

 The sandbox violation appears to be in libevent ([https://github.com/libevent/libevent/blob/release-2.1.8-stable/signal.c#L258 signal.c:258])

 I'll try to find some time in the next few days to track down the issue. I've no clue yet why this should behave differently with libseccomp 0.2.4.

 {{{
 [user@repro-seccomp ~]$ sudo -u toranon gdb tor
 ...
 Reading symbols from tor...Reading symbols from /usr/lib/debug/usr/bin/tor-0.3.5.8-1.fc29.x86_64.debug...done.
 done.
 (gdb) r
 Starting program: /usr/bin/tor
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 warning: Loadable section ".note.gnu.property" outside of ELF segments
 Mar 24 22:30:52.707 [notice] Tor 0.3.5.8 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1b, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
 Mar 24 22:30:52.707 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
 Mar 24 22:30:52.707 [notice] Read configuration file "/etc/tor/torrc".
 Mar 24 22:30:52.709 [notice] Opening Socks listener on 127.0.0.1:9050
 Mar 24 22:30:52.709 [notice] Opened Socks listener on 127.0.0.1:9050
 Mar 24 22:30:52.709 [notice] Opening Control listener on /run/tor/control
 Mar 24 22:30:52.709 [notice] Opened Control listener on /run/tor/control
 Mar 24 22:30:52.000 [warn] Your log may contain sensitive information - you're logging more than "notice". Don't log unless it serves an important reason. Overwrite the log afterwards.
 Mar 24 22:30:52.000 [info] options_act_reversible(): Recomputed OOS thresholds: ConnLimit 1000, ConnLimit_ 4064, ConnLimit_high_thresh 4000, ConnLimit_low_thresh 3048
 Mar 24 22:30:52.000 [debug] tor_disable_debugger_attach(): Attemping to disable debugger attachment to Tor for unprivileged users.
 Mar 24 22:30:52.000 [info] tor_lockfile_lock(): Locking "/var/lib/tor/.tor/lock"
 Mar 24 22:30:52.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 128.31.0.39:9131 (9695)
 Mar 24 22:30:52.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 86.59.21.38:80 (847B)
 Mar 24 22:30:52.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 194.109.206.212:80 (7EA6)
 Mar 24 22:30:52.000 [debug] parse_dir_authority_line(): Trusted 16 dirserver at 66.111.2.131:9030 (BA44)
 Mar 24 22:30:52.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 131.188.40.189:80 (F204)
 Mar 24 22:30:52.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 193.23.244.244:80 (7BE6)
 Mar 24 22:30:52.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 171.25.193.9:443 (BD6A)
 Mar 24 22:30:52.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 154.35.175.225:80 (CF6D)
 Mar 24 22:30:52.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 199.58.81.140:80 (74A9)
 Mar 24 22:30:52.000 [debug] parse_dir_authority_line(): Trusted 100 dirserver at 204.13.164.118:80 (24E2)
 Mar 24 22:30:52.000 [debug] file_status(): stat()ing /var/lib/tor/.tor/state
 Mar 24 22:30:52.000 [info] or_state_load(): Loaded state from "/var/lib/tor/.tor/state"
 Mar 24 22:30:52.000 [info] circuit_build_times_parse_state(): Adding 0 timeouts.
 Mar 24 22:30:52.000 [info] circuit_build_times_parse_state(): Loaded 0/0 values from 0 lines in circuit time histogram
 Mar 24 22:30:52.000 [info] read_file_to_str(): Could not open "/var/lib/tor/.tor/router-stability": No such file or directory
 Mar 24 22:30:52.000 [debug] tor_rename(): Renaming /run/tor/control.authcookie.tmp to /run/tor/control.authcookie
 Mar 24 22:30:52.000 [info] init_cookie_authentication(): Generated auth cookie file in '"/run/tor/control.authcookie"'.
 Mar 24 22:30:52.000 [debug] kist_scheduler_run_interval(): KISTSchedRunInterval=0, turning to the consensus.
 Mar 24 22:30:52.000 [debug] scheduler_can_use_kist(): Determined KIST sched_run_interval should be 10. Can use KIST.
 Mar 24 22:30:52.000 [info] scheduler_kist_set_full_mode(): Setting KIST scheduler with kernel support (KIST mode)
 Mar 24 22:30:52.000 [debug] kist_scheduler_run_interval(): KISTSchedRunInterval=0, turning to the consensus.
 Mar 24 22:30:52.000 [info] cmux_ewma_set_options(): Enabled cell_ewma algorithm because of value in CircuitPriorityHalflifeMsec in consensus; scale factor is 0.793701 per 10 seconds
 Mar 24 22:30:52.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
 Mar 24 22:30:52.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
 Mar 24 22:30:52.000 [info] add_predicted_port(): New port prediction added. Will continue predictive circ building for 2807 more seconds.
 Mar 24 22:30:52.000 [info] crypto_openssl_late_init(): NOT using OpenSSL engine support.
 Mar 24 22:30:52.000 [info] evaluate_evp_for_aes(): This version of OpenSSL has a known-good EVP counter-mode implementation. Using it.

 Program received signal SIGSYS, Bad system call.
 0x00007ffff7879104 in __libc_sigaction (sig=sig@entry=1, act=act@entry=0x7fffffffe100, oact=0x5555560f8db0) at ../sysdeps/unix/sysv/linux/sigaction.c:58
 58        result = INLINE_SYSCALL_CALL (rt_sigaction, sig,
 Missing separate debuginfos, use: dnf debuginfo-install libseccomp-2.4.0-0.fc29.x86_64
 (gdb) bt
 #0  0x00007ffff7879104 in __libc_sigaction (sig=sig@entry=1, act=act@entry=0x7fffffffe100, oact=0x5555560f8db0) at ../sysdeps/unix/sysv/linux/sigaction.c:58
 #1  0x00007ffff7879239 in __sigaction (sig=sig@entry=1, act=act@entry=0x7fffffffe100, oact=<optimized out>) at ../nptl/sigaction.c:30
 #2  0x00007ffff7def062 in evsig_set_handler_ (base=base@entry=0x5555558808a0, evsignal=evsignal@entry=1, handler=handler@entry=0x7ffff7deec20 <evsig_handler>) at signal.c:258
 #3  0x00007ffff7def1dc in evsig_add (base=0x5555558808a0, evsignal=1, old=<optimized out>, events=<optimized out>, p=<optimized out>) at signal.c:302
 #4  0x00007ffff7de76f5 in evmap_signal_add_ (base=base@entry=0x5555558808a0, sig=<optimized out>, ev=ev@entry=0x55555587cf90) at evmap.c:457
 #5  0x00007ffff7de27be in event_add_nolock_ (ev=ev@entry=0x55555587cf90, tv=tv@entry=0x0, tv_is_absolute=tv_is_absolute@entry=0) at event.c:2602
 #6  0x00007ffff7de2a8e in event_add (ev=0x55555587cf90, tv=tv@entry=0x0) at event.c:2445
 #7  0x00005555555acd6f in handle_signals () at src/app/main/main.c:508
 #8  0x00005555555ad9df in run_tor_main_loop () at src/app/main/main.c:1275
 #9  0x00005555555aee85 in tor_run_main (tor_cfg=tor_cfg@entry=0x555555852950) at src/app/main/main.c:1484
 #10 0x00005555555ac07e in tor_main (argc=1, argv=0x7fffffffe528) at src/feature/api/tor_api.c:164
 #11 0x00005555555abc0d in main (argc=<optimized out>, argv=<optimized out>) at src/app/main/tor_main.c:32
 (gdb) l
 53          SET_SA_RESTORER (&kact, act);
 54        }
 55
 56      /* XXX The size argument hopefully will have to be changed to the
 57         real size of the user-level sigset_t.  */
 58      result = INLINE_SYSCALL_CALL (rt_sigaction, sig,
 59                                    act ? &kact : NULL,
 60                                    oact ? &koact : NULL, STUB(act) _NSIG / 8);
 61
 62      if (oact && result >= 0)
 (gdb) f 1
 #1  0x00007ffff7879239 in __sigaction (sig=sig@entry=1, act=act@entry=0x7fffffffe100, oact=<optimized out>) at ../nptl/sigaction.c:30
 30        return __libc_sigaction (sig, act, oact);
 (gdb) l
 25          {
 26            __set_errno (EINVAL);
 27            return -1;
 28          }
 29
 30        return __libc_sigaction (sig, act, oact);
 31      }
 32      libc_hidden_weak (__sigaction)
 33      weak_alias (__sigaction, sigaction)
 (gdb) f 2
 #2  0x00007ffff7def062 in evsig_set_handler_ (base=base@entry=0x5555558808a0, evsignal=evsignal@entry=1, handler=handler@entry=0x7ffff7deec20 <evsig_handler>) at signal.c:258
 258             if (sigaction(evsignal, &sa, sig->sh_old[evsignal]) == -1) {
 (gdb) l
 253             memset(&sa, 0, sizeof(sa));
 254             sa.sa_handler = handler;
 255             sa.sa_flags |= SA_RESTART;
 256             sigfillset(&sa.sa_mask);
 257
 258             if (sigaction(evsignal, &sa, sig->sh_old[evsignal]) == -1) {
 259                     event_warn("sigaction");
 260                     mm_free(sig->sh_old[evsignal]);
 261                     sig->sh_old[evsignal] = NULL;
 262                     return (-1);
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29819#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online