Bug #9284
Attaching Nyx (arm) to Tor's control port triggers sandbox
0%
Description
This is what Tor logs before it dies in Tails:
============================================================ T= 1430215250
(Sandbox) Caught a bad syscall attempt (syscall prlimit64)
/usr/bin/tor(+0x143019)[0xf76c1019]
/lib/i386-linux-gnu/libc.so.6(getrlimit64+0x2d)[0xf7205a6d]
/lib/i386-linux-gnu/libc.so.6(getrlimit64+0x2d)[0xf7205a6d]
/usr/bin/tor(set_max_file_descriptors+0x4e)[0xf76aa91e]
That was with Tor 0.2.6.7 with bug15482.patch applied (from the feature/9114-tor-with-bug15482.patch
branch), but it also affects 0.2.5.12; looking at Tor’s src/common/sandbox.c
the prlimit64
syscall indeed isn’t explicitly allowed while in sandbox mode. Deactivating Tor’s sandboxing (e.g. by running in “bridge mode”) fixes it. This is a regression since we introduced Tor sandboxing.
I has been reported upstream as Tor bug Feature #15211 and I will relay these finding there and then we have to wait for a fix.
Subtasks
History
#1 Updated by BitingBird 2015-05-01 10:19:07
- Subject changed from attaching arm to Tor's control port triggers sandbox to Attaching arm to Tor's control port triggers sandbox
#2 Updated by BitingBird 2015-05-09 02:44:51
- Target version changed from Tails_1.4 to Sustainability_M1
relaying intri: Bug #9284 won’t be fixed upstream soon, so it should become a code task on our side. Related to replacing Vidalia (since we’re going to rely on arm more). So, 2.0.
#3 Updated by intrigeri 2015-05-09 03:44:21
- Type of work changed from Wait to Code
#4 Updated by intrigeri 2015-05-21 19:09:02
- has duplicate
Bug #9447: Nyx (arm) crashes tor added
#5 Updated by intrigeri 2015-08-07 02:11:42
- Subject changed from Attaching arm to Tor's control port triggers sandbox to Attaching Nyx (arm) to Tor's control port triggers sandbox
#6 Updated by sajolida 2015-09-22 07:47:13
- Target version deleted (
Sustainability_M1)
#7 Updated by Anonymous 2017-06-29 13:47:55
The upstream ticket has been fixed: https://trac.torproject.org/projects/tor/ticket/15221
So, is this still relevant?
#8 Updated by Anonymous 2017-06-29 13:59:08
- Status changed from Confirmed to Rejected
From my understanding, we don’t ship Nyx anymore and the problem is well tracked upstream. So I’m closing this ticket.