
updated filters to work with orport

Cristian Toader 10 years ago
parent
commit
89b39db003
4 changed files with 35 additions and 5 deletions
  1. 2 1
      src/common/crypto.c
  2. 15 1
      src/common/sandbox.c
  3. 0 2
      src/or/cpuworker.c
  4. 18 1
      src/or/main.c

+ 2 - 1
src/common/crypto.c

@@ -56,6 +56,7 @@
 #include "../common/util.h"
 #include "container.h"
 #include "compat.h"
+#include "sandbox.h"
 
 #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)
 #error "We require OpenSSL >= 0.9.8"
@@ -2349,7 +2350,7 @@ crypto_strongest_rand(uint8_t *out, size_t out_len)
   return 0;
 #else
   for (i = 0; filenames[i]; ++i) {
-    fd = open(filenames[i], O_RDONLY, 0);
+    fd = open(sandbox_intern_string(filenames[i]), O_RDONLY, 0);
     if (fd<0) continue;
     log_info(LD_CRYPTO, "Reading entropy from \"%s\"", filenames[i]);
     n = read_all(fd, (char*)out, out_len, 0);
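Review bot: The `open(sandbox_intern_string(filenames[i]), ...)` change makes the entropy-file list in `crypto_strongest_rand` depend on the exact strings registered with `sandbox_cfg_allow_open_filename()` in `sandbox_init_filter` (main.c in this same commit), since interning presumably works by string lookup of the registered path; any entry of `filenames` that is not registered byte-for-byte will be rejected by the sandbox and, because the loop only does `if (fd<0) continue;`, skipped without any warning. Consider a comment at the definition of `filenames` (outside this hunk): `/* Every path here must also be registered in sandbox_init_filter() via sandbox_cfg_allow_open_filename(); under the sandbox an unregistered path simply fails to open. */`. It would also be worth logging at info level when every candidate fails, rather than falling through silently, but that branch is outside the hunk. `crypto_strongest_rand` continues past the end of this hunk.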

+ 15 - 1
src/common/sandbox.c

@@ -104,6 +104,8 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(exit_group),
     SCMP_SYS(exit),
 
+    SCMP_SYS(madvise),
+
     // Not needed..
 //    SCMP_SYS(set_thread_area),
 //    SCMP_SYS(set_tid_address),
@@ -194,6 +196,13 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
     return rc;
   }
 
+  rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap2), 2,
+       SCMP_CMP(2, SCMP_CMP_EQ, PROT_NONE),
+       SCMP_CMP(3, SCMP_CMP_EQ, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE));
+  if (rc) {
+    return rc;
+  }
+
   rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap2), 2,
        SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ|PROT_WRITE),
        SCMP_CMP(3, SCMP_CMP_EQ, MAP_PRIVATE|MAP_ANONYMOUS));
@@ -430,6 +439,11 @@ sb_mprotect(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   if (rc)
     return rc;
 
+  rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 1,
+      SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ|PROT_WRITE));
+  if (rc)
+    return rc;
+
   rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 1,
       SCMP_CMP(2, SCMP_CMP_EQ, PROT_NONE));
   if (rc)
@@ -675,7 +689,7 @@ add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
 static int
 add_noparam_filter(scmp_filter_ctx ctx)
 {
-  int i, filter_size, rc = 0;
+  int i, rc = 0;
 
   // add general filters
   for (i = 0; i < ARRAY_LENGTH(filter_nopar_gen); i++) {
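Review bot: `SCMP_SYS(madvise)` is added to `filter_nopar_gen`, the list whose syscalls are allowed with no argument checks, whereas the mmap2 and mprotect additions in this same section pin their protection and flags arguments; madvise's advice argument is therefore left unconstrained. If the allocator only needs one advice value (MADV_DONTNEED is the usual one for returning freed arenas, but confirm against an strace of the orport workload that motivated this commit), a dedicated rule such as `seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(madvise), 1, SCMP_CMP(2, SCMP_CMP_EQ, MADV_DONTNEED));` keeps it on the same footing as the neighbouring filters; otherwise a comment on the entry explaining why it must be unrestricted would save the next reviewer the question. The new `mprotect` rule for `PROT_READ|PROT_WRITE` is acceptable as long as no rule grants `PROT_EXEC`, and none is visible here. The `filter_nopar_gen` initializer begins before the first hunk of this section.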

+ 0 - 2
src/or/cpuworker.c

@@ -571,8 +571,6 @@ spawn_enough_cpuworkers(void)
   if (num_cpuworkers_needed > MAX_CPUWORKERS)
     num_cpuworkers_needed = MAX_CPUWORKERS;
 
-  getchar();
-
   while (num_cpuworkers < num_cpuworkers_needed) {
     if (spawn_cpuworker() < 0) {
       log_warn(LD_GENERAL,"Cpuworker spawn failed. Will try again later.");

+ 18 - 1
src/or/main.c

@@ -2665,9 +2665,16 @@ sandbox_init_filter()
       get_datadir_fname("cached-microdescs.new.tmp"));
   sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("unverified-microdesc-consensus"));
-  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-descriptors"));
+  sandbox_cfg_allow_open_filename(&cfg,
+      get_datadir_fname("cached-descriptors"));
   sandbox_cfg_allow_open_filename(&cfg,
       get_datadir_fname("cached-descriptors.new"));
+  sandbox_cfg_allow_open_filename(&cfg,
+      get_datadir_fname("cached-descriptors.tmp"));
+  sandbox_cfg_allow_open_filename(&cfg,
+      get_datadir_fname("cached-descriptors.new.tmp"));
+  sandbox_cfg_allow_open_filename(&cfg,
+      get_datadir_fname("cached-descriptors.tmp.tmp"));
   sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-extrainfo"));
   sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("state.tmp"));
   sandbox_cfg_allow_open_filename(&cfg,
@@ -2682,6 +2689,8 @@ sandbox_init_filter()
         get_datadir_fname2("keys", "secret_onion_key"));
     sandbox_cfg_allow_open_filename(&cfg,
         get_datadir_fname2("keys", "secret_onion_key_ntor"));
+    sandbox_cfg_allow_open_filename(&cfg,
+        get_datadir_fname2("keys", "secret_onion_key_ntor.tmp"));
     sandbox_cfg_allow_open_filename(&cfg,
         get_datadir_fname2("keys", "secret_id_key.old"));
     sandbox_cfg_allow_open_filename(&cfg,
@@ -2692,8 +2701,16 @@ sandbox_init_filter()
         get_datadir_fname2("keys", "secret_onion_key.tmp"));
 
     sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("fingerprint"));
+    sandbox_cfg_allow_open_filename(&cfg,
+        get_datadir_fname("cached-consensus.tmp"));
+    sandbox_cfg_allow_open_filename(&cfg,
+        get_datadir_fname("cached-consensus"));
 
     sandbox_cfg_allow_open_filename(&cfg, "/etc/resolv.conf");
+    sandbox_cfg_allow_open_filename(&cfg, "/dev/srandom");
+    sandbox_cfg_allow_open_filename(&cfg, "/dev/urandom");
+    sandbox_cfg_allow_open_filename(&cfg, "/dev/random");
+
   }
 
   sandbox_cfg_allow_execve(&cfg, "/usr/local/bin/tor");
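Review bot: The new `/dev/srandom`, `/dev/urandom` and `/dev/random` allows sit inside the conditional block that the `}` just below them closes (its condition is outside the hunk), so they only take effect when that condition holds; if `crypto_strongest_rand` in crypto.c, which this commit makes open exactly these devices through `sandbox_intern_string`, also runs when the condition is false, those opens will be rejected by the sandbox and the function will silently skip every entropy source. Unless that block is known to cover every mode in which the sandbox is enabled, move the three `sandbox_cfg_allow_open_filename(&cfg, "/dev/...")` calls out of the conditional, next to the unconditional datadir entries earlier in `sandbox_init_filter`. Separately, `get_datadir_fname("cached-descriptors.tmp.tmp")` looks like a doubled suffix; confirm it matches a name the descriptor writer actually produces, since an allow for a path that is never opened is dead weight while a missing allow for the real path is a sandbox denial. `sandbox_init_filter` continues beyond the end of this section.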