
Tor seccomp2 sandboxing bug fixed

Seems this bug that prevented enabling seccomp is now fixed according to the changelog. Let’s see if it works for the next release.

https://blog.torproject.org/new-release-tor-0348-also-other-stable-updates-02917-03212-and-03310

Minor bugfixes (Linux seccomp2 sandbox):

Fix a bug in our sandboxing rules for the openat() syscall. Previously, no openat() call would be permitted, which would break filesystem operations on recent glibc versions. Fixes bug 25440; bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.

3 Likes

Tor 0.4.3.1 seccomp fixed. This time for reals.

Major bugfixes (linux seccomp sandbox):

Correct how we use libseccomp. Particularly, stop assuming that rules are applied in a particular order or that more rules are processed after the first match. Neither is the case! In libseccomp <2.4.0 this led to some rules having no effect. libseccomp 2.4.0 changed how rules are generated, leading to a different ordering, which in turn led to a fatal crash during startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by Peter Gerber.
Fix crash when reloading logging configuration while the experimental sandbox is enabled. Fixes bug 32841; bugfix on 0.4.1.7. Patch by Peter Gerber.

https://blog.torproject.org/new-alpha-release-tor-0431-alpha

3 Likes

Here’s a (probably) foolish question I have:
Does this concern the “Sandbox 1” option that can be set in the torrc file, or is this something else entirely?

That’s the one

1 Like
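
To confirm that the "Sandbox 1" torrc option discussed in this thread actually took effect, read the kernel's Seccomp field for the running tor process. This is an added example, not part of the original posts or Tor's own code; the function names and the process name `tor` are assumptions.

```shell
#!/bin/sh
# Added example: report whether a process runs under a seccomp filter,
# using the "Seccomp:" field of /proc/<pid>/status (Linux 3.8 and later).

# seccomp_mode FILE
# Prints disabled (0), strict (1), filter (2) or unknown for a status file.
seccomp_mode() {
    # Exact match on the field name so "Seccomp_filters:" is not picked up.
    value=$(awk '$1 == "Seccomp:" { print $2; exit }' "$1" 2>/dev/null || true)
    case "$value" in
        0) echo disabled ;;
        1) echo strict ;;
        2) echo filter ;;
        *) echo unknown ;;   # field missing or file unreadable
    esac
}

# sandbox_active FILE
# Succeeds only in filter mode, the mode a libseccomp rule set installs.
sandbox_active() {
    [ "$(seccomp_mode "$1")" = "filter" ]
}

# check_all_tor
# Checks every process named "tor" (assumed name). Returns 0 if all are
# filtered, 1 if any is not, 2 if no such process is running.
check_all_tor() {
    pids=$(pgrep -x tor 2>/dev/null || true)
    if [ -z "$pids" ]; then
        echo "no tor process found"
        return 2
    fi
    rc=0
    for pid in $pids; do
        mode=$(seccomp_mode "/proc/$pid/status")
        echo "tor pid $pid: seccomp=$mode"
        if [ "$mode" != "filter" ]; then rc=1; fi
    done
    return $rc
}

# Run the live check only when asked, e.g.: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_all_tor
fi
```

A result of `disabled` after setting the option means the sandbox was not installed; Tor's log is the place to look for the reason.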