Tor needs `Sandbox 1` in its `torrc` file to use seccomp filtering, even if USE=seccomp is enabled.

We may want to insert it via /etc/conf.d/torrc (and systemd's equivalent) to avoid messing with users' `torrc`s.

I experienced a crash [0] on my arm64 and amd64 systems, which I have reported upstream. Others have not experienced this on Gentoo, however.

[0] https://trac.torproject.org/projects/tor/ticket/33346
(In reply to sam_c (Security Padawan) from comment #0)
> Tor needs `Sandbox 1` in its `torrc` file to use seccomp filtering, even if
> USE=seccomp is enabled.
>
> We may want to insert it via /etc/conf.d/torrc (and systemd's equivalent) to
> avoid messing with users' `torrc`s.
>
> I experienced a crash [0] on my arm64 and amd64 systems, which I have reported
> upstream. Others have not experienced this on Gentoo, however.
>
> [0] https://trac.torproject.org/projects/tor/ticket/33346

If I add `Sandbox 1` unconditionally to the torrc, and we configure tor to be built without seccomp, does tor ignore the `Sandbox 1` configuration?
(In reply to Anthony Basile from comment #1)
> If I add `Sandbox 1` unconditionally to the torrc, and we configure tor to
> be built without seccomp, does tor ignore the `Sandbox 1` configuration?

I was ready to tell you we could just patch out the dying and/or use %include in torrc. And then I tested...

> Mar 21 00:36:38 box Tor[26109]: This version of Tor was built without support for sandboxing. To build with support for sandboxing on Linux, you must have libseccomp and its necessary header files (e.g. seccomp.h).

So, nothing happens. It just carries on. Yes, exactly. (Tested with 0.4.2.7.)
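The two conditions discussed in this thread (the effective torrc must say `Sandbox 1`, and the tor binary must have been built with libseccomp, otherwise Tor only logs the warning quoted above and carries on unsandboxed) can be checked from the shell. The script below is an added example, not code from this bug, from Gentoo's tor packaging or from Tor itself. It assumes that Tor keeps the last assignment it reads for a single-valued option such as `Sandbox`, that `%include` of a directory reads the files in it in sorted order, and that the drop-in path (`torrc.d/sandbox.conf`) is a hypothetical packaging choice; the sample log line is constructed from the message quoted in the comment above.

```shell
#!/bin/sh
# Added example (not from the Gentoo bug, Gentoo's packaging or Tor): decide
# whether a Tor instance will really run under the seccomp sandbox.
#  1. The effective torrc must set "Sandbox 1", possibly via a %include'd
#     drop-in so the user's own torrc is left alone.
#  2. The binary must have libseccomp; otherwise Tor logs
#     "built without support for sandboxing" and carries on unsandboxed.
# Assumptions (not stated on the page): last assignment wins for a
# single-valued option, %include of a directory reads files in sorted order,
# and the drop-in file name sandbox.conf is hypothetical.

# Normalise one torrc line: drop comments, trim, collapse whitespace.
_torrc_norm() {
  printf '%s' "$1" | sed -e 's/#.*//' -e 's/^[[:space:]]*//' \
      -e 's/[[:space:]]*$//' -e 's/[[:space:]][[:space:]]*/ /g'
}

# Print every Sandbox value in the order Tor would read it, recursing into
# %include targets (a file or a directory of files).
_torrc_sandbox_values() {
  file="$1"
  [ -r "$file" ] || return 0
  while IFS= read -r raw || [ -n "$raw" ]; do
    line=$(_torrc_norm "$raw")
    case "$line" in
      "Sandbox "*) printf '%s\n' "${line#"Sandbox "}" ;;
      "%include "*)
        inc=${line#"%include "}
        if [ -d "$inc" ]; then
          for f in "$inc"/*; do _torrc_sandbox_values "$f"; done
        else
          _torrc_sandbox_values "$inc"
        fi ;;
    esac
  done < "$file"
}

# Effective Sandbox value for a torrc: last assignment wins, default 0.
torrc_sandbox_value() {
  last=$(_torrc_sandbox_values "$1" | tail -n 1)
  printf '%s\n' "${last:-0}"
}

# Install the packaging drop-in and make sure the torrc pulls it in. Only one
# line (%include, appended so it comes after any user "Sandbox 0") is ever
# added to the user's torrc; the setting itself lives in the drop-in.
install_sandbox_dropin() {
  torrc="$1"; dropin_dir="$2"
  mkdir -p "$dropin_dir"
  printf 'Sandbox 1\n' > "$dropin_dir/sandbox.conf"
  grep -qxF "%include $dropin_dir" "$torrc" 2>/dev/null \
    || printf '%%include %s\n' "$dropin_dir" >> "$torrc"
}

# Classify a saved Tor startup log (syslog, journalctl output, Tor's Log file):
# "no-seccomp" when the binary lacks libseccomp, otherwise "no-warning".
sandbox_status_from_log() {
  if grep -q 'built without support for sandboxing' "$1"; then
    echo no-seccomp
  else
    echo no-warning
  fi
}

# Combine both checks into one verdict line.
sandbox_verdict() {
  torrc="$1"; log="$2"
  if [ "$(torrc_sandbox_value "$torrc")" != 1 ]; then
    echo "off: effective config does not set Sandbox 1"
  elif [ "$(sandbox_status_from_log "$log")" = no-seccomp ]; then
    echo "off: tor built without libseccomp (USE=seccomp), Sandbox 1 is ignored"
  else
    echo "on: Sandbox 1 set and no 'built without sandboxing' warning in log"
  fi
}

# Constructed sample log line (wording taken from the comment above).
SAMPLE_LOG_NO_SECCOMP='Mar 21 00:36:38 box Tor[26109]: This version of Tor was built without support for sandboxing. To build with support for sandboxing on Linux, you must have libseccomp and its necessary header files (e.g. seccomp.h).'

# Stand-alone demo on a throwaway directory; no real tor binary is needed.
demo() {
  d=$(mktemp -d)
  printf 'SocksPort 9050\nSandbox 0   # user had it off\n' > "$d/torrc"
  printf '%s\n' "$SAMPLE_LOG_NO_SECCOMP" > "$d/tor.log"
  echo "before drop-in: $(sandbox_verdict "$d/torrc" "$d/tor.log")"
  install_sandbox_dropin "$d/torrc" "$d/torrc.d"
  echo "after drop-in:  $(sandbox_verdict "$d/torrc" "$d/tor.log")"
  : > "$d/tor.log"   # a log without the warning: seccomp-enabled build
  echo "seccomp build:  $(sandbox_verdict "$d/torrc" "$d/tor.log")"
  rm -rf "$d"
}
if [ "${1-}" = demo ]; then demo; fi
```

Run it as `sh check-sandbox.sh demo` to see the three verdicts. The log check is deliberately fed a saved log rather than the output of a `tor --verify-config` run, because the warning shown in this thread comes from Tor's normal startup and the page does not show it being emitted by a config-only run.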
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e604b1d706779f2a93bf349380d4531c5eede5a

commit 6e604b1d706779f2a93bf349380d4531c5eede5a
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-04-15 07:41:20 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-04-15 07:41:20 +0000

    net-vpn/tor: skip known-broken sandbox tests on arm32

    The seccomp support in Tor, just like seccomp in general, is known to be
    brittle and seccomp isn't enabled by default (bug #713690). It's therefore
    not a serious failure even if we'd like it to get fixed.

    Bug: https://bugs.gentoo.org/713690
    Closes: https://bugs.gentoo.org/920905
    Signed-off-by: Sam James <sam@gentoo.org>

 net-vpn/tor/tor-0.4.7.16-r1.ebuild | 13 ++++++++++++-
 net-vpn/tor/tor-0.4.8.10.ebuild    | 11 +++++++++++
 net-vpn/tor/tor-0.4.8.11.ebuild    | 11 +++++++++++
 net-vpn/tor/tor-9999.ebuild        | 13 ++++++++++++-
 4 files changed, 46 insertions(+), 2 deletions(-)