#23706: Tor's seccomp sandbox does not know about the syscall epoll_pwait
------------------------------+------------------------------------
     Reporter:  cypherpunks   |          Owner:  (none)
         Type:  defect        |         Status:  new
     Priority:  Medium        |      Milestone:
    Component:  Core Tor/Tor  |        Version:  Tor: 0.3.2.1-alpha
     Severity:  Normal        |       Keywords:  seccomp, sandbox, musl
Actual Points:                |      Parent ID:
       Points:                |       Reviewer:
      Sponsor:                |
------------------------------+------------------------------------
 I was playing with the seccomp sandbox with tor 3.2.1-alpha. The system in
 question uses Musl as the standard C library. When adding "Sandbox 1" to a
 minimal torrc (attached at the end), this results in an error, saying
 "(Sandbox) Caught a bad syscall attempt (syscall epoll_pwait)".

 The operating system is Gentoo, and the kernel version is 4.9.24-grsec.

 It is reproducible on Alpine Linux (which also uses Musl as the standard C
 library), but not on Debian, which suggests this is due to Musl exposing an
 extra system call to Tor that the sandbox does not recognize.

 It's also reproducible on tor-0.3.1.7, which suggests this is not a new
 defect for the 3.2.x series.

 The minimal torrc for which this is reproducible is as follows:

     User tor
     Log debug file /var/log/tor/tor.log
     DataDirectory /var/lib/tor/data
     Sandbox 1

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23706>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
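The report's suspicion that the C library decides which epoll syscall the sandbox sees can be checked with a small probe. This is an added example, not code from the ticket or from Tor; it assumes the blocked call comes from the libc epoll_wait() wrapper (the ticket does not say which call triggers it), and the names deny_syscall and epoll_wait_issues are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/epoll.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#ifndef SYS_epoll_wait      /* architectures such as aarch64 lack it */
#define SYS_epoll_wait (-1) /* never matches, so the probe reports 0 */
#endif

/* Probe filter, not a sandbox: fail syscall `nr` with EPERM, allow the rest.
 * A real filter also checks seccomp_data.arch and denies by default. */
static int deny_syscall(long nr) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* 1 if libc's epoll_wait() fails once `nr` is denied (so it issues `nr`),
 * 0 if it still works, -1 if the probe could not be set up. Runs in a child
 * because a seccomp filter cannot be removed once installed. */
int epoll_wait_issues(long nr) {
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct epoll_event ev;
        int ep = epoll_create1(0);
        if (ep < 0 || deny_syscall(nr) != 0) _exit(2);
        _exit(epoll_wait(ep, &ev, 1, 0) < 0 && errno == EPERM);
    }
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) > 1) return -1;
    return WEXITSTATUS(st);
}

int main(void) {
    printf("epoll_wait() issues SYS_epoll_wait: %d, SYS_epoll_pwait: %d\n",
           epoll_wait_issues(SYS_epoll_wait), epoll_wait_issues(SYS_epoll_pwait));
    return 0;
}
```

A result of 1 for SYS_epoll_pwait means an allowlist that names only epoll_wait would block that libc's wrapper.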